
About DecryptCryptolocker.com - CryptoLocker VS new Cryptowares



#1 Aura


Posted 06 April 2015 - 07:05 AM

Hi everyone :)

I'm simply posting this thread as a reminder or "note" for those who get infected by any Cryptowares other than CryptoLocker and who try to use the website DecryptCryptolocker.com by FireEye and Fox IT to decrypt their encrypted files. You cannot decrypt files from any other Cryptowares other than CryptoLocker on this website. The online service "Decrypt CryptoLocker", by FireEye and Fox IT, can only be used to decrypt files that were encrypted by the original Cryptoware, CryptoLocker. This is possible because during the Operation Tovar that was used to shut down the GameOver ZeuS botnet, which was used to distribute CryptoLocker, they seized servers where the private keys used for encryption by CryptoLocker were uploaded to. After that, they set up the DecryptCryptolocker.com website that allows you to upload a CryptoLocker encrypted file and it'll test it against the 50,000 private keys they retrieved from the server to see if one matches your encryption private key. If it does, they'll send you a decrypter executable along with your private key. Therefore, files encrypted by any other Cryptoware other than CryptoLocker cannot be decrypted via this service.

The reason I'm posting this thread is because I've seen quite a few threads and replies in the Cryptoware Support threads lately of people that tried to use that website to decrypt their files that were encrypted by CryptoDefense, CryptoWall, TorrentLocker, etc. and complaining that it wasn't working or failed.

I know this thread might be ignored by newcomers, but for those of you who took the time to read it, at least you'll know what this is all about and why DecryptCryptolocker.com cannot be used to decrypt non-CryptoLocker encrypted files.

Have a good day :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




#2 COSMOTRONICS


Posted 29 July 2015 - 03:09 AM

Hi everyone

 

I notice they closed their site anyhow, but how will I know which type of cryptolocker was used on my files?

Who do I contact or where can I send a file to be inspected?

Is there any good decrypt software available that can decrypt my files?


Edited by COSMOTRONICS, 29 July 2015 - 03:11 AM.


#3 Aura


Posted 29 July 2015 - 05:21 AM

Hi COSMOTRONICS :)

Depending on which Cryptoware you were infected with, there's a chance that you might be able to recover your files. Also, the DecryptCryptolocker website wouldn't have helped you since it was made for the original CryptoLocker infection that was shut down during Summer 2013, and isn't spread anymore. Do you have any ransom notes on your system? If so, can you give us the name of the ransom files (.txt, .png, .bmp, .html, etc.) and copy/paste their content here (you can remove the ids if you want)?
