Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New CryptoTorLocker2015 Ransomware discovered and easily decrypted


  • Please log in to reply
39 replies to this topic

#31 cryppled

cryppled

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 24 February 2015 - 12:01 AM

Hi Nathan - Had infection on 19/11/2014. All files in the current user  were encrypted. I am sure the original virus is gone but need to decrypt many files if possible. Using Win XP SP3 - Sophos. Here is a reoport on one file

Infection Detection Tool v1.6 - Nathan Scott
--------------------------------------------
Date/Time: 24/02/2015 04:50:42
Operating System: Windows XP
Service Pack: Service Pack 3
Version Number: 5.1
Product Type: Workstation
--------------------------------------------
[Detected Flags]
1.|  Possible TorrentLocker Flag , C:\Documents and Settings\admin\Desktop\He's not perfect.doc.encrypted
 
Have emailed a 4mb file and the ransom demand. From User e-mail address removed to protect from spambots.
 
Would appreciate some pointers to decrypting. Have read quite a lot about this now.
 
Regards Tom 

Edited by Orange Blossom, 24 February 2015 - 01:17 AM.


BC AdBot (Login to Remove)

 


m

#32 jdituro

jdituro

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:42 PM

Posted 24 February 2015 - 12:04 AM

Hello Nathan, thanks for your help. I am working on restoring a friends PC with CryptorLocker2015, and your decryptor was not successful. I had him send you a encrypted file and the Ransom Demand txt file. His name is Paul C. Please let me know if there is any thing I can do on my end to help. These files are very important to Paul.



#33 FelixArba76

FelixArba76

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:42 PM

Posted 24 February 2015 - 09:32 AM

evening
Ten days ago, I picked up this virus and lost 120 gigabytes private pictures ...
code:
not going after any porn sites ... I received an email to my private email and since then we are to appear when I recently opened ...
whether anyone has tried to solve
I did not pay anyone anything because do not know if it and after paying certain that my pictures will be unlocked
otherwise I'm from Croatian and ask for help ...
if anyone knows anything let contact me on skype: ghost.rider.76 so we can try via TeamViewer ...
nice greeting


#34 xterso

xterso

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:42 PM

Posted 01 March 2015 - 01:23 PM

upload a zip file with a encrypted file and ur ransom note, and email it to decryptorbit@outlook.com with the subject "cryptotorlocker 2015" and ill take a look. You prob. Were infected with a different variant.

Nathan, I have sent some encrypted files to that account. Awaiting your help. I might have forgotten the ransome note. If I did I will send it tomorrow too.



#35 xterso

xterso

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:42 PM

Posted 09 March 2015 - 05:21 AM

Apparently Nathan never visited the forum since 12 February 2015. Some people like me are waiting for an answer and/or solution desperately here. 



#36 Nathan

Nathan

    DecrypterFixer


  • Security Colleague
  • 1,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:42 PM

Posted 09 March 2015 - 07:23 AM

pleas send it again, I never received a email from you.


Have you performed a routine backup today?

#37 xterso

xterso

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:42 PM

Posted 09 March 2015 - 08:45 AM

pleas send it again, I never received a email from you.

 

Nathan, I just sent it again on your request from my gmail account. It might get into spam folder because of the attachement.



#38 helodriver

helodriver

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:42 PM

Posted 21 March 2015 - 12:04 AM

Just registered to this site and first off want to say Thank you to all you tech savy, computer wizards because without you guys, we that arent so savy would still be chipping files out of stone...

With that said, I recently had the privelage of contracting the "Tesla Crypt" ransom ware and it has infected every file and every picture with a .ecc extension.

From what I have learned and researched so far is that there is no getting them back.  But after reading the posts on this site, there may be some hope.

My question is, has anyone come up with an app or fix for this particular bug?

 

Looking forward to any responses and thanks in advance

Alan


Edited by Platypus, 21 March 2015 - 04:34 AM.
Removed email address to avoid spam.


#39 Andres Pedreno

Andres Pedreno

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canary Island. Spain
  • Local time:06:42 PM

Posted 21 March 2015 - 06:14 AM

Hi Helodriver

 

At this point I haven´t  news of applications that solve the problem.
 
A expert computer friend,  told me that only solution will be when there are released quantum computers
 
I am also waiting for a solution.
 
I recommend as a matter of mental calm -if your files are not indispensable- save them to an external drive and wait for the good people of this web locate a solution.
 
I did well not to see every day the damage they have caused me.
 
A hug


#40 zgbw168

zgbw168

  • Members
  • 1 posts
  • OFFLINE
  •  

Posted 22 June 2017 - 04:08 AM

How do I download this software? Software download url ?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users