Solved

Your personal files are encrypted by CTB-Locker

Posted on 2015-01-20
7
433 Views
Last Modified: 2015-02-17
Hi
I have a client that was hit by CTB-Locker malware / ransomware.
I have removed it but cannot seem to find any way to decrypt his files.

Does anyone know how I can do this?
0
Comment
Question by:bax2000
7 Comments
 
LVL 17

Assisted Solution

by:Lior Karasenti
Lior Karasenti earned 167 total points
ID: 40559308
Unfurtunently there is no way to decrypt the files
You can:
1.pay the ransom
2.restore the files from backup
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 167 total points
ID: 40559310
Unfortunately when you are hit with these types of "ransomware" you can only recover your files through backups.

In order to decrypt the files you have to pay the virus makers for the decryption key. Even if you pay them they may not give you the decryption key, as they really have no inclination to do so. Restore from backups - it's your only real solution.

See here if you'd like some help identifying which files have been encrypted: https://curah.microsoft.com/293812/decrypt-your-files-damaged-by-ctb-locker-virus
0
 
LVL 48

Assisted Solution

by:dbrunton
dbrunton earned 166 total points
ID: 40560443
See http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information

Makes some suggestions as to data recovery but most likely if you don't have backups you are screwed.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 40560665
"Even if you pay them they may not give you the decryption key, as they really have no inclination to do so."

Not strictly true. although there's no way I'd advocate paying; perversely it is actually in the ransomer's interest to provide an unlock key once paid as this actually encourages other victims to consider paying up too.  This was seen as the case with Cryptolocker during its first year.

Not for points just for info.
0
 
LVL 3

Expert Comment

by:Mike Sun
ID: 40561469
If you do not have backups it's worth trying  the "restore previous versions" option by right-clicking the file or parent folder with the encrypted items.
0
 
LVL 17

Expert Comment

by:Lior Karasenti
ID: 40565987
There is a solution that I saw today, I didn't try it because we already reinstalled our infected computer
but you can try it if you didn't format the infected computer
follow the instructions here:

https://www.decryptcryptolocker.com/
0
 
LVL 48

Expert Comment

by:dbrunton
ID: 40566083
Lior Karasenti

Your link is for CryptoLocker.  The questioner has been hit with CTB-Locker.   The two are different ransomwares.

The first one has been solved for getting data files back.  The second has not.
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to record audio from input sources to your PC – connected devices, connected preamp to record vinyl discs, streaming media, that play through your audio card: Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 – both 32 bit & 64.
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question