Decryption keys are now freely available for victims of CryptoLocker

I want to make something very clear to any users just now getting to this thread because they were infected by "CryptoLocker"! The real Cryptolocker has been down, and has not returned for awhile now! This means that what ever infection you have, is a new one Fake one! Before EVER considering paying for the ransom you should always make it first priority to ask on the thread first or PM any member to ask for help! Things that will help us identify your infection is Screenshots of any windows, The Ransom Note, and the EXE if you have it..

Nathan (DecrypterFixer), Security Colleague Post #3223

...For those of you emailing me about CryptoLocker: Stop. You do not have CryptoLocker, that infection has been dead for awhile and you most likely have TorrentLocker, or a copycat of some kind.

Nathan (DecrypterFixer), Security Colleague Post #3241
 
Information about a fake CryptoLocker can be found in this discussion topic: TorrentLocker Support and Discussion Thread (CryptoLocker copycat)

 

xXToffeeXx~

Infection Detection Tool v1.6 - Nathan Scott -------------------------------------------- Date/Time: 11/25/2014 7:59:59 AM Operating System: Windows 7 Service Pack: Service Pack 1 Version Number: 6.1 Product Type: Workstation -------------------------------------------- [Detected Flags] 1.| Possible CryptoWall Flag , HKCU\Software\AD8F25D1305DB699C22D34C42CE7C315\1222334457CCCCDE

One of our users recently got some form of this malware, all of his files were changed to a .umjdpuf extension.  Its even effected some of the files on a network drive he connected to.  Is there anything I can use or try to decrypt the files? I tried https://www.decryptcryptolocker.com/ but it fails to detect anything. Thanks. 

This paired with Foolibleep is pretty awesome, it's been a few months since I hear of Cryptolocker but man it was a pain in the butt if they didn't have any backups.

Infection Detection Tool v1.6 - Nathan Scott -------------------------------------------- Date/Time: 11/25/2014 7:59:59 AM Operating System: Windows 7 Service Pack: Service Pack 1 Version Number: 6.1 Product Type: Workstation -------------------------------------------- [Detected Flags] 1.| Possible CryptoWall Flag , HKCU\Software\AD8F25D1305DB699C22D34C42CE7C315\1222334457CCCCDE

I have the same problem  !!!!! 

 

? The tool is telling you that you have the CryptoWall infection, not Cryptolocker. Please use the thread that the tool provides for you for support / info.

Thanks Nathan

Ok, just read a few of the threads, and still have all our files locked.  Here is a copy of the html page that pops up:

Can you please advise if there is a decryption tool now?

 

Thanks

 

Sabina

My PC has been infected by CTB-cryptolocker... I have tried getting the decryption key through the site: www.decryptolocker.com; however, it couldn't detect that the uploaded file is encrypted by cryptolocker and it's returning the message "please upload a file that is encrypted by cryptolocker". Please advise... Thanks

Hello, 
 

My PC has been infected by CTB-cryptolocker... I have tried getting the decryption key through the site: www.decryptolocker.com; however, it couldn't detect that the uploaded file is encrypted by cryptolocker and it's returning the message "please upload a file that is encrypted by cryptolocker". Please advise... Thanks

CTB Locker is not CryptoLocker, so uploading files to www.decryptolocker.com will not work. 
 
Please see the following for information on CTB Locker:
http://www.bleepingcomputer.com/forums/t/546045/new-critroni-variant-offers-free-test-decryption-and-now-uses-ctb2-extension/
http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information
http://www.bleepingcomputer.com/forums/t/542564/ctb-locker-or-decryptallfilestxt-encrypting-ransomware-sets-extension-to-ctbl/
http://malware.dontneedcoffee.com/2014/07/ctb-locker.html

HELP ME

THE INFECTED FILE HAVE THIS EXTENSION: .enpzmmg

 

PROGRAM WHICH I HAVE TO DOWNLOAD TO TRY TO REPAIR MY FILE ?

PLEASE HELP ME

I was originally infected with the first crytolocker virus in October of 2013. I seemed to be AHEAD of the wave. My IT guy stays on top of it, and we made big mistakes trying to repair. Months went by, and I just waited for a decryption tool to arrive. After 6 months I gave up. recently I found out that I had missed out on the decryption solution by a couple of months.

I have recently utilized the free service to isolate my key. It works, I have successfully unlocked five types of files.

the problem I have today, is that I missed out on the big wave of people repairing drives, I have seen a couple of GUI interfaces that allow multiple files to be loaded to be decrypted, however, with the new wave of virus' I cannot find a place to download this GUI.

I have over 23,000 encrypted files. The one at a time method is just not going to cut it.

Could someone please post a CURRENT link to a mass decryption routine please.

I have the ORIGINAL virus. I HAVE the key. I just need a program to mass apply the key.

Seems the FALSE positives, have rendered my attempts to get back on the curve pretty tough.

shoot me at email at nscott@easysyncsolutions.com and ill get u a link to the GUI app I made for it, if that's what ur referring to

Hello,

 

I have a lot of infected files and i don't have any idea how to fix them. Decryptolocker page doesn't have menu to upload files... What can I do? I have files in DLSZTNF format. Please, give me some advices... My computer is clear now.

 

Best regards,

Kamil

Hi HugoL3

You have been infected with a different Cryptoware called CTB-Locker (or one of it's variant). The current support thread for it can be found below.

CTB Locker or DecryptAllFiles.txt Encrypting Ransomware sets extension to .CTBL

If you want to know more about CTB-Locker, you can read the FAQ hosted on BleepingComputer.

CTB Locker and Critroni Ransomware Information Guide and FAQ