Original CryptoWall Ransomware Support and Help Topic - DECRYPT_INSTRUCTION.html


1524 replies to this topic

#136 leechina


Posted 31 May 2014 - 05:45 PM

I have the same problem as all the people here. I was infected; all docs, db and other files were crypted. Boss gave me 5 days to get my files back. I tried to decrypt the files by myself but IT WAS a BIG MISTAKE, because when I tried to decrypt by myself I corrupted the algorithm. After payment I received decrypt.zip. But not all my files were decrypted. I contacted Cryptowall support and they helped me to understand why my files were not decrypted.

    until about 20 hours later in which we received a notice saying we couldn't contact the server

I think you must contact their support. I am sure they will help you, if you really made payment :guitar:

Ronny_Add

I have the same problem with dbf files. I contacted an IT specialist and he helped me understand that it was crypted by "CryptoLocker" and I need to pay again :nono:

but it was only 14 files; the other 387 were not crypted and I decrypted them with decrypt.zip successfully. There may be 2 viruses at the site from which you were infected. It's very hard to my mind
 





#137 Neatoboy


Posted 31 May 2014 - 06:35 PM

    I have the same problem as all the people here. I was infected; all docs, db and other files were crypted. Boss gave me 5 days to get my files back. I tried to decrypt the files by myself but IT WAS a BIG MISTAKE, because when I tried to decrypt by myself I corrupted the algorithm. After payment I received decrypt.zip. But not all my files were decrypted. I contacted Cryptowall support and they helped me to understand why my files were not decrypted.

        until about 20 hours later in which we received a notice saying we couldn't contact the server

    I think you must contact their support. I am sure they will help you, if you really made payment :guitar:

    Ronny_Add

    I have the same problem with dbf files. I contacted an IT specialist and he helped me understand that it was crypted by "CryptoLocker" and I need to pay again :nono:

    but it was only 14 files; the other 387 were not crypted and I decrypted them with decrypt.zip successfully. There may be 2 viruses at the site from which you were infected. It's very hard to my mind
 

Are you able to upload the decrypt.zip file somewhere like dropbox please so I and others can download it?



#138 Nathan

DecrypterFixer, Security Colleague

Posted 31 May 2014 - 06:58 PM

Other victim decrypters will not help you. They all have a unique RSA key in them. Sorry.


Have you performed a routine backup today?

#139 Neatoboy


Posted 31 May 2014 - 07:29 PM

    Other victim decrypters will not help you. They all have a unique RSA key in them. Sorry.

Yes I understand that but I think I've worked out a way to decrypt my client's files but all I need is the software to do it.



#140 Nathan


Posted 31 May 2014 - 08:30 PM

Unless you have found a way to factor a 2048 RSA key with today's technology, or found a glitch where the key is found, I don't see how that's possible. I have looked in the assembly and pseudo code of this infection and it's confirmed as RSA. It's CryptoDefense with a different name. Fabian found a glitch in an older version, but that since has been patched up.

 

Sorry.



#141 Nathan


Posted 31 May 2014 - 08:31 PM

Also the decrypter is the exact same as CryptoDefense, which is a very public EXE. Search around on Google, you will find it if you really want it, but like I said, it's RSA 2048.



#142 fleur711


Posted 02 June 2014 - 09:45 AM

I currently have the same problem. I can access my Windows Photo Gallery and see the pictures but I can't email them (they email over as blank) or I can't open them individually (it says the file appears to be damaged or corrupted).

 

In my Documents I have a folder called;

decrypt_cryptodefense and in that folder is; CryptoOffense.exe and decrypt_cryptodefense.exe.

 

Will it help if I delete these exe files? How do I do that?

 

In my Downloads I have the following (3) files;

DECRYPT_INSTRUCTION.TXT

DECRYPT_INSTRUCTION.HTML

DECRYPT_INSTRUCTION

 

Should I also delete these files? How do I do that?

 

Thanks in advance for any help!



#143 littlehoughton


Posted 03 June 2014 - 06:31 AM

Interesting update

 

http://www.theguardian.com/technology/2014/jun/02/cryptolocker-virus-nca-malware-protection

 

I doubt anyone infected wanting to pay ransom is out of luck while they are on the run.



#144 Grinler

Lawrence Abrams, Admin

Posted 03 June 2014 - 10:19 AM

I am not sure that they are connected to the same people.

#145 Nathan


Posted 03 June 2014 - 10:26 AM

Grinler is correct. This hasn't made any other ransom except CryptoLocker skip a beat.



#146 deedeen


Posted 04 June 2014 - 09:36 AM

I had to reload the OS on a computer that got hit with cryptobit, and the old OS is still there under windows.old. The computer owner is willing to pay the "ransom". But, if he does indeed get what he needs from the hackers to unencrypt his files, will it be able to with a brand new OS loaded on the PC? Also, a month has passed since he got the virus so I don't know if there is a time limit the hackers put on their "fix". Thanks for any help or advice.



#147 Tarpontoo


Posted 04 June 2014 - 09:40 PM

I paid the ransom, got the decrypter. After 4 days it operated slower each day. One day it decrypted 4 files while I still had 20,00 + file to go. It also failed to decrypt many files. "decrpt failed" Save your money. These criminals will not help you. FWIW, I had a Carbonite backup that is restoring all my files and they are on top of the Cryptowall.

#148 TTPinc


Posted 05 June 2014 - 11:00 AM

Just got infected from an email that contained a fax message.

I had downloaded it to a separate external drive, but it the files to my Dropbox account 

It copied the 3 files to every other drive connected to my PC (except the network drives), and EVERY dropbox folder...

 

I was able to stop the Dropbox syncing and manually delete all the newly created files, but not sure if I got to them in time.


Edited by TTPinc, 05 June 2014 - 11:55 AM.


#149 BDClark


Posted 05 June 2014 - 12:14 PM

TTPinc, we got the same thing then.  It looks like it didn't hit any of our network shares either.  Looking at HKCU\Software\"random numbers"\CRYPTLIST and every file listed is on the local machine.  One of our terminal server users ran it and it appears to be solely on that user's profile.  I don't see any evidence of it hitting the shares.  I'm going to probably wipe the two workstations that got hit, and I'm hoping that just deleting that one profile from the terminal server will be OK.



#150 TTPinc


Posted 05 June 2014 - 02:57 PM

BDClark:

It does propagate to the network shares. It got to my server but doesn't seem to have gotten to my "D mybook live external drive.

Check in any "Download" folder on those and you'll find copies of it.

I found that doing a search from the Start menu search box seemed to find most of them.
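
Added example, not part of any post in this thread: a read-only sweep that scopes which drives, shares or profiles received the DECRYPT_INSTRUCTION note files named in post #142, instead of relying on the Start menu search. The function names and the idea of using the earliest note timestamp as a rough timeline marker are assumptions of this example.

```python
import os
import sys
from datetime import datetime, timezone

# Note base name as listed in post #142; case and extension vary (.TXT, .HTML, none shown).
NOTE_STEM = "decrypt_instruction"

def is_ransom_note(filename):
    stem, _ext = os.path.splitext(filename)
    return stem.lower() == NOTE_STEM

def scan_root(root):
    """Walk one root and return {directory: [(note_name, mtime_or_None), ...]}."""
    found = {}
    # Unreadable directories are skipped instead of aborting the sweep.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        notes = []
        for name in sorted(files):
            if not is_ransom_note(name):
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                mtime = None  # file vanished or access was denied mid-scan
            notes.append((name, mtime))
        if notes:
            found[dirpath] = notes
    return found

def scope_report(roots):
    """Per root: directories holding notes, note count, earliest note time (UTC)."""
    report = {}
    for root in roots:
        found = scan_root(root)
        times = [m for notes in found.values() for _name, m in notes if m is not None]
        earliest = datetime.fromtimestamp(min(times), timezone.utc).isoformat() if times else None
        report[root] = {
            "directories": sorted(found),
            "note_count": sum(len(notes) for notes in found.values()),
            "earliest_note_utc": earliest,
        }
    return report

if __name__ == "__main__":
    # Pass the roots to check as arguments: local drives, a user profile, a mapped share.
    for root, info in scope_report(sys.argv[1:]).items():
        print(root, info["note_count"], "notes, earliest:", info["earliest_note_utc"])
        for directory in info["directories"]:
            print("   ", directory)
```

A root with zero notes is not proof it was untouched, and sync or copy tools can rewrite modification times, so treat the timestamp as a lead for the timeline rather than as evidence.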





