Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • This topic is locked This topic is locked
1 reply to this topic

#1 Chuck Sp

Chuck Sp

  • Members
  • 36 posts
  • Local time:08:01 PM

Posted 09 September 2013 - 09:26 PM

Hi All,


At the request of a moderator I am starting a new topic. 


Several Clients have been infected with cryptolocker malware/ransomware.  Key difference in this new infection is that IT DOES WHAT IT SAYS and encrypts (in some form or fashion) all MS Office and wordperfect or JPG and other file formats.  Rendering them inaccessible to the user.  It does this locally and on any accessible network hard drives.


Is there any hope for decryption without paying or a good backup?


Two of my clients had good backups and one did not (didnt execute implemented backup plan) and doing a restore on the ones we can, and the backupless guy decided to pay (and the decryption is actually taking place as I type).


Any help or hope for detection/prevention and a way to move forward with this new threat?


The malware itself is trivial to remove but it leaves the files "encrypted" and inaccessible to the end user.

BC AdBot (Login to Remove)


#2 Casey_boy


    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK
  • Local time:02:01 AM

Posted 10 September 2013 - 09:00 AM

Hi Chuck,

As you are now aware from the CryptoLocker topic, there is no way that we can currently decrypt those files. For the benefit of anybody else reading this topic, please read this post:




Since you have received some answers in the other topic, I am going to close this one. 


If I have been helping you and I do not reply within 48hours, feel free to send me a PM.

* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users