?
Solved

Your personal files are encrypted by CTB-Locker

Posted on 2015-01-20
7
Medium Priority
?
442 Views
Last Modified: 2015-02-17
Hi
I have a client that was hit by CTB-Locker malware / ransomware.
I have removed it but cannot seem to find any way to decrypt his files.

Does anyone know how I can do this?
0
Comment
Question by:bax2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 17

Assisted Solution

by:Lior Karasenti
Lior Karasenti earned 501 total points
ID: 40559308
Unfurtunently there is no way to decrypt the files
You can:
1.pay the ransom
2.restore the files from backup
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 501 total points
ID: 40559310
Unfortunately when you are hit with these types of "ransomware" you can only recover your files through backups.

In order to decrypt the files you have to pay the virus makers for the decryption key. Even if you pay them they may not give you the decryption key, as they really have no inclination to do so. Restore from backups - it's your only real solution.

See here if you'd like some help identifying which files have been encrypted: https://curah.microsoft.com/293812/decrypt-your-files-damaged-by-ctb-locker-virus
0
 
LVL 49

Assisted Solution

by:dbrunton
dbrunton earned 498 total points
ID: 40560443
See http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information

Makes some suggestions as to data recovery but most likely if you don't have backups you are screwed.
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 40560665
"Even if you pay them they may not give you the decryption key, as they really have no inclination to do so."

Not strictly true. although there's no way I'd advocate paying; perversely it is actually in the ransomer's interest to provide an unlock key once paid as this actually encourages other victims to consider paying up too.  This was seen as the case with Cryptolocker during its first year.

Not for points just for info.
0
 
LVL 3

Expert Comment

by:Mike Sun
ID: 40561469
If you do not have backups it's worth trying  the "restore previous versions" option by right-clicking the file or parent folder with the encrypted items.
0
 
LVL 17

Expert Comment

by:Lior Karasenti
ID: 40565987
There is a solution that I saw today, I didn't try it because we already reinstalled our infected computer
but you can try it if you didn't format the infected computer
follow the instructions here:

https://www.decryptcryptolocker.com/
0
 
LVL 49

Expert Comment

by:dbrunton
ID: 40566083
Lior Karasenti

Your link is for CryptoLocker.  The questioner has been hit with CTB-Locker.   The two are different ransomwares.

The first one has been solved for getting data files back.  The second has not.
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Configuring Remote Assistance for use with SCCM
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question