Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Files decrypted after Cryptolocker virus, (2015)


  • This topic is locked This topic is locked
7 replies to this topic

#1 whowho32

whowho32

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 20 January 2015 - 02:04 PM

Hello,

Some days ago I apparently downloaded the cryptolocker virus somehow. Initially, I didn't know that I was really blackmailed, so I just formatted my pc because I was planning to do so either way. When I formatted my pc I connected my external drive which was connected to the pc before I formatted it. And then I realised that I was screwed, because half of my files were encrypted (mostly all of my mp3, jpeg and mov files, the rest of the files were ok). I tried to use decryptcryptolocker, but when I upload a file it doesn't get that my file is encrypted... Also I don't have previous versions of my files... just some copies of some of them.

I am sure that there is a way to decrypt my files because I phoned a data recovery company and explained the situation and they told me that they can recover my files, but I have to pay 200 euros. So please, is there anyone who knows how to solve this problem? If so, I will tattoo his or her name on my forehead!  :lmao: 

Thanks in advance!
 



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:23 AM

Posted 20 January 2015 - 02:19 PM

What type of crypto ransomware are you dealing with? Does it look like this or this, or something else?

If the ransomware does not look like either of those in the above links...reading through the following information may assist with identifying the crypto malware infection you are dealing with.Once you have identified which particular ransomware you are dealing with, we can direct you to the appropriate discussion topic for further assistance.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 whowho32

whowho32
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 20 January 2015 - 02:23 PM

cryptolocker.png
I can't identify it in the list, but this was exactly how it was like... 



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:23 AM

Posted 20 January 2015 - 02:32 PM

It looks like a variant of PClock.

Information can be found in this topic: Cryptolocker copycat/ faker. Need advice (PClock)

There is also an ongoing discussion in this topic: New PClock CryptoLocker Ransomware discovered Support and Discussion.

...from the above topic.

Since most of the questions are duplicates I decided to create a short compilation of frequently asked questions...

At the moment there are 5 different variants of the malware in circulation. I am happy to say that we can help in the majority of cases. This is the current breakdown:
Files encrypted by variant 1 can be restored in all cases.
Files encrypted by variant 2 can be restored in about 95% of all cases.
Files encrypted by variant 3 can be restored in about 99% of all cases.
Files encrypted by variant 4 can be restored in about 1% of all cases.
Files encrypted by variant 5 can be restored in about 99% of all cases.
Files encrypted by variant 6 can be restored in about 1% of all cases.
Files encrypted by variant 7 can be restored in about 1% of all cases.

I am actively looking into variant 4, 6 and 7 at the moment, but it is unlikely that I will be able to provide decryption for it at all.

Fabian Wosar, Security Colleague Post #320

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 whowho32

whowho32
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 20 January 2015 - 02:35 PM

ok I'll post there. Thanx!



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:23 AM

Posted 20 January 2015 - 03:07 PM

You're welcome and good luck.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 suziebee

suziebee

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 03 April 2015 - 10:35 PM

If we have variant of PCLOCK that was removed how do we try and recover files?



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:23 AM

Posted 04 April 2015 - 06:11 AM

If we have variant of PCLOCK that was removed how do we try and recover files?

Ask in this discussion topic: New PClock CryptoLocker Ransomware discovered Support and Discussion.

...from the above topic.

Since most of the questions are duplicates I decided to create a short compilation of frequently asked questions...

At the moment there are 5 different variants of the malware in circulation. I am happy to say that we can help in the majority of cases. This is the current breakdown:
Files encrypted by variant 1 can be restored in all cases.
Files encrypted by variant 2 can be restored in about 95% of all cases.
Files encrypted by variant 3 can be restored in about 99% of all cases.
Files encrypted by variant 4 can be restored in about 1% of all cases.
Files encrypted by variant 5 can be restored in about 99% of all cases.
Files encrypted by variant 6 can be restored in about 1% of all cases.
Files encrypted by variant 7 can be restored in about 1% of all cases.

I am actively looking into variant 4, 6 and 7 at the moment, but it is unlikely that I will be able to provide decryption for it at all.

Fabian Wosar, Security Colleague Post #320
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users