
cryptolocker - is there a solution now?


5 replies to this topic

#1 robertch

Posted 28 August 2014 - 04:00 PM

Hi,

 

In March my laptop was infected with Cryptolocker. Whilst it was easy to get rid of, the damage was immense. I read up about all the ransomware issues, abandoned it and I switched to my other laptop.

 

Anyway, I found a registry entry that listed all the files it 'locked' - 17240 in total! - at this location.

 

HKEY_CURRENT_USER\Software\B6DEF8395259905CF62BA61CD1B60E39\PROTECTED

 

I see that Cryptolocker was in the news a few weeks ago. I wondered if there had been any definite fix, reversal, or ability to retrieve the files?

 

At the time, whilst most of my stuff was backed up, I still lost about two weeks' work (jpegs, pdfs, pngs, txts, docs) that I'd like to retrieve. If it's really not possible, then I'm just going to format the drive, as it's running very slow and most of the programs that contain any of those file extensions no longer run properly, as the programs contain some of those file extensions.

 

Best wishes, R


Edited by Chris Cosgrove, 28 August 2014 - 05:23 PM.
Moved to 'General Security'
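
Added example, not part of the original post: a sketch for turning a registry list like the one described above into a per-extension inventory of what to restore from backup. It parses a `reg export` text dump offline and assumes each value name under the `PROTECTED` subkey is the path of one affected file; the sample dump, its key name and its paths are constructed placeholders.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample of `reg export` output. The key name and file paths are
# placeholders; the layout (value name = affected file path) is an assumption.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\EXAMPLE_ID_PLACEHOLDER]
"unrelated"="ignored"

[HKEY_CURRENT_USER\Software\EXAMPLE_ID_PLACEHOLDER\PROTECTED]
"C:\\Users\\r\\Documents\\report.doc"=dword:00000000
"C:\\Users\\r\\Pictures\\holiday.jpg"=dword:00000000
"C:\\Users\\r\\Pictures\\scan \"final\".JPG"=dword:00000000
"C:\\Users\\r\\notes.txt"=hex:01,02,\
  03,04
'''

# A value line starts with a quoted name; backslash and quote are escaped.
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=')

def listed_files(reg_text, subkey="\\PROTECTED"):
    """Return the value names found under any key ending in `subkey`."""
    files, in_key = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Track whether we are inside the subkey of interest.
            in_key = line[1:-1].upper().endswith(subkey.upper())
            continue
        m = VALUE_LINE.match(line) if in_key else None
        if m:
            # Undo .reg escaping (\\ -> \ and \" -> ").
            files.append(re.sub(r'\\(.)', r'\1', m.group(1)))
    return files

def by_extension(paths):
    """Count listed files per lower-cased extension."""
    return Counter(PureWindowsPath(p).suffix.lower() or "(none)" for p in paths)

if __name__ == "__main__":
    found = listed_files(SAMPLE_REG)
    print(len(found), "files listed")
    for ext, n in by_extension(found).most_common():
        print(f"{ext:8} {n}")
```

A real `reg export` file is UTF-16 encoded, so read it with `open(path, encoding="utf-16")` before passing the text to `listed_files`.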




#2 Aerys


Posted 28 August 2014 - 04:41 PM

If you can get a sample file that was encrypted, upload it to https://www.decryptcryptolocker.com/. Some security companies were able to get access to the keys of the encrypted files, and will give them out for free. Good luck.


He said the same thing he had been saying for hours... "burn them all".

-Jaime Lannister

Feel free to add me on Skype for help or to chat; lolballinn


#3 quietman7


Posted 28 August 2014 - 06:18 PM

A repository of all current knowledge regarding Cryptolocker is provided by Grinler (aka Lawrence Abrams), in this tutorial: CryptoLocker Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CryptoLocker Ransomware does and provide information for how to deal with it...including prevention, and possibly recover your files. Please note that the guide was updated 08/06/14 to include the following information.

FireEye and Fox-IT have released a method of possibly retrieving your private decryption key and a decrypter to use to decrypt your files...To try and retrieve your key, please visit their site http://www.decryptcryptolocker.com/ and enter your email and upload a copy of one of your CryptoLocker encrypted files. The service will then attempt to decrypt that file using all of the known encryption keys. If they are able to successfully decrypt your file, they will then email you the decryption key with instructions on how to use it.

* FireEye and Fox-IT have partnered to provide free keys designed to unlock systems infected by CryptoLocker
* CryptoUnlocker GUI
* CryptoUnlocker has been updated to utilize the CryptoLocker Database in the registry

There is also a lengthy ongoing discussion in this topic: Cryptolocker Hijack Program. Since this infection is so widespread, rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 robertch


Posted 30 August 2014 - 05:28 PM

Hi,

 

I tried uploading a sample cryptolocked file to www.decryptcryptolocker.com and the screen hangs, gives me a pop up telling me not to turn off the page, but the file never uploads - I've tried with both a doc and a jpeg, both very small in size.

 

I've tried the cryptounlocker gui on a folder full of locked files using the key provided in the thread link, but it isn't recognising the files as locked.

 

r



#5 noknojon


Posted 30 August 2014 - 07:36 PM

Unless you are posting to a "known" source, I would not send examples anywhere.

 

This forum along with others like Malwarebytes forum do have methods of dealing with many sensitive infection problems.

 

sUBs (ComboFix creator) will pick up from here, and resides daily at Malwarebytes forum to collect data for his program.

 

Just my view -

EDIT -

Nothing at all is directed towards member Aerys or the linked site.


Edited by noknojon, 30 August 2014 - 07:39 PM.


#6 quietman7


Posted 31 August 2014 - 01:04 PM

I repeat....

...There is a lengthy ongoing discussion in this topic: Cryptolocker Hijack Program. Since this infection is so widespread, rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

Thanks
The BC Staff





