Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Decryption keys are now freely available for victims of CryptoLocker


  • Please log in to reply
207 replies to this topic

#196 victimed

victimed

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:33 PM

Posted 22 December 2016 - 06:31 PM

i am a victim of PClock.

the ID tool says there is no way to fix it yet....

but please help....i have lost all data + data on my flash usb

 

what to do ?

thanks in advance for your help



BC AdBot (Login to Remove)

 


#197 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,293 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:03 AM

Posted 22 December 2016 - 06:36 PM

Although it is a copycat, PClock is a different infection than CryptoLocker.

Unfortunately, there is no longer any way to provide decryption for newer PClock variants without paying the ransom. The Emsisoft Decrypter created for earlier PClock variants will not work. Fabian explains why in Post #987.

There are ongoing discussions in these topic where you can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#198 fsai

fsai

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:03 PM

Posted 15 March 2017 - 07:43 PM

At the risk of reviving a dead topic:

I had witnessed a CryptoLocker attack in late 2013 and it caused some havoc then. After analyzing the damage I figured out I couldn't do anything at the time, put the files away and forgot about them.
Recently I rediscovered these files, did a bit of googling and figured out the files can be decrypted - at least theoretically - because the private keys were leaked somewhere.
But the online tool that makes the decryption possible is not availible anymore and I can't find the private key collection anywhere either. Is there anything I can do now?

(PS: Yeah, I'm pretty sure the trojan was CryptoLocker and nothing else. I've uploaded an encrypted example file, if it helps: http://s000.tinyupload.com/index.php?file_id=04074675049511386183 )



#199 Macpain

Macpain

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:03 PM

Posted 16 March 2017 - 06:51 AM

i'm in the same shame here, Cryptowall, hoping that there will be some solution soon.

I've tried many data recovery, but none worked fine for me, only old stuff, correctly deleted by me, previously :(

 

maybe have you some experience for this issue? any data recovery that worked fine for you with crypto_wall deleted fils?

 

thank in advance

 

(sad.. :( )

any news? :(



#200 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,144 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:03 AM

Posted 16 March 2017 - 08:07 AM

I don't know of anywhere else that has the keys, and FireEye officially shutdown the service because any newer infections are most definitely not the original CryptoLocker.

 

You are sure it is not Cryt0L0cker (TorrentLocker) or PClock? Those are common copycats.

 

If it was truly the original CryptoLocker from 2014, then you essentially missed your chance since the website was taken down years ago. You can try contacting FireEye, but it seems they will not respond.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#201 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,293 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:03 AM

Posted 16 March 2017 - 08:14 AM

i'm in the same shame here, Cryptowall, hoping that there will be some solution soon.
I've tried many data recovery, but none worked fine for me, only old stuff, correctly deleted by me, previously :(
 
maybe have you some experience for this issue? any data recovery that worked fine for you with crypto_wall deleted fils?

any news? :(

CryptoWall is a different infection and there still is no known way (free solution) to decrypt files encrypted by CryptoWall without paying the ransom.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#202 fsai

fsai

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:03 PM

Posted 19 March 2017 - 12:08 PM

You are sure it is not Cryt0L0cker (TorrentLocker) or PClock? Those are common copycats.

 

If it was truly the original CryptoLocker from 2014, then you essentially missed your chance since the website was taken down years ago. You can try contacting FireEye, but it seems they will not respond.

Pretty sure it wasn't a copycat - they didn't even exist at the time of the infection.

And FireEye doesn't respond at my E-Mails at all. ...any other Ideas, maybe contacting a specific person there?



#203 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,293 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:03 AM

Posted 19 March 2017 - 05:32 PM

I don't know if they can help anymore but at the bottom of the FireEye Company information page there is a Contact Us phone number.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#204 will1990

will1990

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:03 PM

Posted 22 March 2017 - 10:02 AM

Good luck.

Got in touch with DR web last year and unfortunately they were unable to help with the encryption. Do I have any other options, now we're almost a year on? 

 

Thanks for your continued help. 

Will 



#205 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,293 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:03 AM

Posted 22 March 2017 - 05:21 PM

You can try to contact FireEye Company as I advised the previous poster in my last reply.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#206 ZebisNZ

ZebisNZ

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:03 AM

Posted 16 May 2017 - 05:01 AM

Interestingly I have a similar issue, a work computer was infected in late 2013. I just put a new SSD drive in and re-imaged new OS / apps and restored data from previous nights backup.

I still have the untouched drive from 2013 and it would be an interesting to see if any decryption could be done for experiment.

 

I guess the only point of contact as previously mentioned is to contact FireEye. Just a shame I didn't know this before it closed, even though I don't need the data.

 

Matt



#207 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,293 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:03 AM

Posted 05 June 2017 - 07:31 PM

Unfortunately, I am not aware of another alternative.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#208 vicky_baloch1

vicky_baloch1

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Azad Balochistan
  • Local time:06:03 AM

Posted 15 June 2017 - 01:21 AM

:ranting: i have only one wish remains into my life 

WISH : to kill each & every ransomware hacker and drink their blood then give their dead bodies to street dogs 






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users