Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

4th variantion of the PClock CryptoLocker Ransomware - group


  • Please log in to reply
24 replies to this topic

#1 btravel

btravel

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:28 AM

Posted 11 January 2015 - 08:02 PM

Group with news about the solution for this variant

Edited by Budapest, 12 January 2015 - 05:21 AM.
Moved from: Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest


BC AdBot (Login to Remove)

 


#2 backcity

backcity

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:28 AM

Posted 12 January 2015 - 07:38 AM

I have lost my faith...9 hours to left



#3 btravel

btravel
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:28 AM

Posted 12 January 2015 - 07:56 AM

I have lost my faith...9 hours to left

Hi backcity

 

are you considering to pay the ransoms? Fabian said is not worth to pay because even them can not decrypte the files.

Why did they make it then? Just to bleep us?



#4 Orchid6

Orchid6

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mexico
  • Local time:07:28 PM

Posted 12 January 2015 - 10:14 AM

Hi everyone, I think i have the 4th variant also =S i was not able to recover any of my data with the fixes they provided sadly u.u so just wondering when did you get infected?



#5 btravel

btravel
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:28 AM

Posted 12 January 2015 - 10:22 AM

last friday. For fabian, there is no solution for the 4th variaton case. I contacted the company that did this online tool, available for the first variation.

https://www.decryptcryptolocker.com/

 

I am waiting for their answer. I will post here if I get something from them.



#6 lukyluk

lukyluk

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 12 January 2015 - 02:21 PM

Helo ,

Shometing news about decriptyng version 4 ?



#7 btravel

btravel
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:28 AM

Posted 12 January 2015 - 02:26 PM

Helo ,

Shometing news about decriptyng version 4 ?

Hi,

Still nothing out there :(



#8 vikktor

vikktor

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 12 January 2015 - 03:15 PM

I just made my "variant 4" report here:

 

http://www.bleepingcomputer.com/forums/t/561970/new-pclock-cryptolocker-ransomware-discovered/page-28#entry3593996

 

 

You can prolong the countdown by killing wincl.exe process, editing registry value with date, and running the process again, but I really doubt that countdown matters at all.



#9 btravel

btravel
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:28 AM

Posted 12 January 2015 - 05:53 PM

I just made my "variant 4" report here:

 

http://www.bleepingcomputer.com/forums/t/561970/new-pclock-cryptolocker-ransomware-discovered/page-28#entry3593996

 

 

You can prolong the countdown by killing wincl.exe process, editing registry value with date, and running the process again, but I really doubt that countdown matters at all.

 

Are you thinking in paying the bitcoin? Have you heard if somebody got the files to the normal stage paying that thing?



#10 vikktor

vikktor

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 13 January 2015 - 04:46 AM

 

I just made my "variant 4" report here:

 

http://www.bleepingcomputer.com/forums/t/561970/new-pclock-cryptolocker-ransomware-discovered/page-28#entry3593996

 

 

You can prolong the countdown by killing wincl.exe process, editing registry value with date, and running the process again, but I really doubt that countdown matters at all.

 

Are you thinking in paying the bitcoin? Have you heard if somebody got the files to the normal stage paying that thing?

 

 

Nope, as far as I know, it's stated few times in the other forum thread that files wont be decrypted even if you pay.



#11 vikktor

vikktor

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 13 January 2015 - 10:53 AM

As the server http://vgresgrweu5vpucb.onion.cab - where pclock is storing decryption keys went down, I don't see the possibillity of ever decrypting files that were encrypted with variant four, afaik.



#12 btravel

btravel
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:28 AM

Posted 13 January 2015 - 11:56 AM

As the server http://vgresgrweu5vpucb.onion.cab - where pclock is storing decryption keys went down, I don't see the possibillity of ever decrypting files that were encrypted with variant four, afaik.

 

That is really sad. I would have to pay to the evils.

 

I was in the point, after 4 months of hard work, to delivery a job this week. Now I have to redo everything in 2 weeks. I am not brave enough to say to my client that I lost everything because i didnt have a proper backup solution.

 

I would like to have some time to send emails to all encrypting companies over the world asking for help. Do you think is it a good idea?



#13 vikktor

vikktor

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 13 January 2015 - 01:50 PM

 

As the server http://vgresgrweu5vpucb.onion.cab - where pclock is storing decryption keys went down, I don't see the possibillity of ever decrypting files that were encrypted with variant four, afaik.

 

That is really sad. I would have to pay to the evils.

 

I was in the point, after 4 months of hard work, to delivery a job this week. Now I have to redo everything in 2 weeks. I am not brave enough to say to my client that I lost everything because i didnt have a proper backup solution.

 

I would like to have some time to send emails to all encrypting companies over the world asking for help. Do you think is it a good idea?

 

 

 

Yes, that would be great! Please keep us informed!


Edited by vikktor, 13 January 2015 - 01:50 PM.


#14 jrcouso

jrcouso

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Spain
  • Local time:03:28 AM

Posted 13 January 2015 - 02:08 PM

I really trust in Fabian words when he says that making the pay will not have success in anyway. Actually finished my time in 4th version... them, we have to wait for another solution or another way to recover files (more than 10.000 family pics, music and books in my case...)



#15 Orchid6

Orchid6

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mexico
  • Local time:07:28 PM

Posted 13 January 2015 - 02:35 PM

Same here u.u 10 years of memories in those pictures, i still have faith that maybe we can recover something some other way, shame on me for not having a backup, only some folders on my dropbox and others that i uploaded to facebook.

 

Im looking around if i can somehow recover modified files without a previous version point like a had.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users