Solved

Your personal files are encrypted by CTB-Locker

Posted on 2015-01-20
7
436 Views
Last Modified: 2015-02-17
Hi
I have a client that was hit by CTB-Locker malware / ransomware.
I have removed it but cannot seem to find any way to decrypt his files.

Does anyone know how I can do this?
0
Comment
Question by:bax2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 17

Assisted Solution

by:Lior Karasenti
Lior Karasenti earned 167 total points
ID: 40559308
Unfurtunently there is no way to decrypt the files
You can:
1.pay the ransom
2.restore the files from backup
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 167 total points
ID: 40559310
Unfortunately when you are hit with these types of "ransomware" you can only recover your files through backups.

In order to decrypt the files you have to pay the virus makers for the decryption key. Even if you pay them they may not give you the decryption key, as they really have no inclination to do so. Restore from backups - it's your only real solution.

See here if you'd like some help identifying which files have been encrypted: https://curah.microsoft.com/293812/decrypt-your-files-damaged-by-ctb-locker-virus
0
 
LVL 48

Assisted Solution

by:dbrunton
dbrunton earned 166 total points
ID: 40560443
See http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information

Makes some suggestions as to data recovery but most likely if you don't have backups you are screwed.
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 40560665
"Even if you pay them they may not give you the decryption key, as they really have no inclination to do so."

Not strictly true. although there's no way I'd advocate paying; perversely it is actually in the ransomer's interest to provide an unlock key once paid as this actually encourages other victims to consider paying up too.  This was seen as the case with Cryptolocker during its first year.

Not for points just for info.
0
 
LVL 3

Expert Comment

by:Mike Sun
ID: 40561469
If you do not have backups it's worth trying  the "restore previous versions" option by right-clicking the file or parent folder with the encrypted items.
0
 
LVL 17

Expert Comment

by:Lior Karasenti
ID: 40565987
There is a solution that I saw today, I didn't try it because we already reinstalled our infected computer
but you can try it if you didn't format the infected computer
follow the instructions here:

https://www.decryptcryptolocker.com/
0
 
LVL 48

Expert Comment

by:dbrunton
ID: 40566083
Lior Karasenti

Your link is for CryptoLocker.  The questioner has been hit with CTB-Locker.   The two are different ransomwares.

The first one has been solved for getting data files back.  The second has not.
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question