Asked by David Whyte

Locky Decryption

Hi,

I'm looking for a program which can decrypt files which have been infected with the LOCKY virus. From what I read on the web, only professional data forensic companies can do this and they are quoting $3000+ to do the job; when I questioned them about how they would do it, one said they would buy the decrypt keys from the hackers!

I found that Kaspersky has managed to decrypt similar infections but I cannot seem to find anyone who has done Locky as yet.

I have got Shadow Explorer installed and that has given me some level of success but to be completely clear of the infection, I would like to run a true decryptor across the whole drive since there are many files which have been encrypted.

In terms of backups, I was not made aware of the infection, which hit about half an hour before the backup started (I only do nightly backups onto USB disk), so by the time I was told, it was the next day, so I was not able to make use of the backup.

Any ideas?

Ta
SycamoreIT
David Whyte (ASKER)

Thanks for your comments so far guys, what's the likelihood of Locky being decrypted in the future?
Maybe in 1 or 2 decades, or when quantum computers get common, it may be possible. Otherwise it is mainly dependent on luck, for example if the criminals get caught along with their servers. So it is very unlikely.

Anyway, there is no point in keeping the encrypted data and waiting it out as first of all the data isn't important, and by the time a resolution is found that data will most probably be outdated anyway.
btan

I wouldn't bet on that decryption wait, as the brute forcing will not come in long years.
“All of your files are encrypted with RSA-2048 and AES-128 ciphers. Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.”
Otherwise, unless the crypto is flawed or the private key is revealed or obtained somehow, brute force is just not practical given the long key length. Probably by that time the data itself will not be worthwhile or valid in that future year to come.

In short not worth waiting and I do not think we should count on that.
So far all the decryptors I have seen myself have come about due to the ransomware programmer making a mistake or leaving a hole that allows the decryptor to work in the first place.

Right now this ransomware is getting worse and worse, and the only solution is to have a backup in place that is constantly backing up your data, whether it is an on-site option or a cloud solution.

Thank you to all contributors, all very valid comments. OK to share points between everyone who posted?

It's up to you, as long as it answers your questions in the end.

Thanks all.