Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help! Crypto infection - files are more important than computer. Do I pay?


  • This topic is locked This topic is locked
4 replies to this topic

#1 FPB

FPB

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 17 January 2015 - 11:37 AM

Hello! Was directed here by a respected friend who advised you may be able to help. I think what you guys are doing here to fight these criminals is amazing.

Anyway, Notebook containing many images for work was infected last week when downloading iTunes. Did not notice the infection until after the ''deadline" had passed.

Should I give in and pay or have my chances of any recovery ended?


Edited by hamluis, 17 January 2015 - 12:19 PM.
No logs, moved from MRL to AII - Hamluis.


BC AdBot (Login to Remove)

 


m

#2 VİUlyanov

VİUlyanov

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 17 January 2015 - 12:27 PM

Turkish National Informatics an Information Security Research Centre (TUBİTAK_BİLGEM) has developed a decrypter for torrentlocker or cryptolocker viruses.

You may reach the decrypter from "https://zar.sge.gov.tr/Decrypter/FileUpload" adress.

I tried it, it works :)

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:09 PM

Posted 17 January 2015 - 03:00 PM

What type of crypto ransomware are you dealing with? Does it look like this or this, or something else?

If the ransomware does not look like either of those in the above links...reading through the following information may assist with identifying the crypto malware infection you are dealing with.Once you have identified which particular ransomware you are dealing with, we can direct you to the appropriate discussion topic for further assistance.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 FPB

FPB
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:09 PM

Posted 17 January 2015 - 03:05 PM

It looks like the first link - message with red background.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:09 PM

Posted 17 January 2015 - 03:17 PM

Information can be found in this topic: Cryptolocker copycat/ faker. Need advice (PClock)

There is also an ongoing discussion in this topic: New PClock CryptoLocker Ransomware discovered Support and Discussion.

...from the above topic.

Since most of the questions are duplicates I decided to create a short compilation of frequently asked questions...

At the moment there are 5 different variants of the malware in circulation. I am happy to say that we can help in the majority of cases. This is the current breakdown:
Files encrypted by variant 1 can be restored in all cases.
Files encrypted by variant 2 can be restored in about 95% of all cases.
Files encrypted by variant 3 can be restored in about 99% of all cases.
Files encrypted by variant 4 can be restored in about 1% of all cases.
Files encrypted by variant 5 can be restored in about 99% of all cases.
Files encrypted by variant 6 can be restored in about 1% of all cases.
Files encrypted by variant 7 can be restored in about 1% of all cases.

I am actively looking into variant 4, 6 and 7 at the moment, but it is unlikely that I will be able to provide decryption for it at all.

Fabian Wosar, Security Colleague Post #320

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users