Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Cryptolocker Struck Again

  • Please log in to reply
1 reply to this topic

#1 anubisrwml


  • Members
  • 1 posts
  • Local time:05:04 PM

Posted 30 May 2014 - 11:06 PM

My company has had a serious issue - we were infected by Cryptolocker, or so we suspect. We attacked the virus pretty quickly once we noticed what was going on, but it executed late in the night and it had already affected a lot of critical files. Our IT dept failed to notice that our backups were faulty as well...now we're in trouble.
We didn't get a pop up for the Cryptolocker virus, so we have no way to pay the ransom and as we have no way to recover the files, we need to find a way to get a hold of them to pay it. As it may seem petty, as we have lost hundreds of thousands of dollars worth of company data, we can't simply let it go and have to find a way to correct this issue.
We do have a pre-encrypted file and a post encrypted file, thinking we could simply break the encryption but alas, after further investigation there's no way to break the encryption with that method that is known.
I hate to ask it, but does anyone happen to know how to get a hold of a command and control center for cryptolocker so we can upload a file and know for sure if it was them (it could have been a variant or even a destructive spin off but if we can pay it and get a key, we have to try)
Any help and advice would be appreciated - please don't badger me about not paying the ransom - it's about the only option we have left to recover the massive amount of intellectual data that's been lost.
Thanks and hope to hear back soon!

Mod Edit: moved to General Security from Server
~~ boopme

Edited by boopme, 31 May 2014 - 08:52 PM.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,769 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:04 PM

Posted 01 June 2014 - 08:58 AM

A repository of all current knowledge regarding Cryptolocker is provided by Grinler (aka Lawrence Abrams), in this tutorial: CryptoLocker Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CryptoLocker Ransomware does and provide information for how to deal with it...including prevention, and possibly recover your files.

There is also a lengthy ongoing discussion in this topic: Cryptolocker Hijack Program. Since this infection is so widespread, rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users