Posted 13 May 2015 - 10:55 AM
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
Posted 13 May 2015 - 06:26 PM
Crypt0L0cker (Torrentlocker) Update
As of today (05/13/15) I have had multiple clients contact me for help with their decryption software they paid for to fix their Crypt0L0cker (TorrentLocker) affected files. With every one of these clients I have taken the key in the decrypter and manually attempted to decrypt the files with the key, as the software was failing. Upon doing this I quickly realized that the key sent is not able to decrypt the files. This means either that the infection exe is encrypting files wrong and the virus creator can't even decrypt your files, or the virus creator is sending a wrong/fake decryption key with the software.
Seeing as how it's been more than a few clients now, I'm going to advise any victims that are considering paying to get their files back to NOT do it until otherwise stated that the virus creator is actually able to decrypt files again.
I recommend that no victims pay the infection to get their files back, but I know this is not always an option, but if you proceed to do this now, you run the risk of losing your files and your money.
I have attempted to contact the virus creator on behalf of all these victims, and the victims themselves have tried, to no avail and no answer. Yet the creator will answer if I pretend to be a victim that hasn't paid yet.
The choice is ultimately up to you, but as it stands it seems no victim is getting a working decrypter after payment at this time.
Posted 14 May 2015 - 09:28 PM
Thanks Lawrence Abrams, this was a document that one of the staff opened unknowingly and got sucked in.
Hi all - refer to the link below, related to this.
We are a victim of this, paid the ransom and are still not able to decrypt the files. PLEASE DO NOT PAY THE RANSOM AS THE AUTHORS ARE NOT HELPFUL
Posted 16 May 2015 - 05:25 AM
My dad informs me that the decryption software worked for him. If it helps I can provide the decrypter for reverse engineering, as I might attempt it myself if I find the time.
Posted 16 May 2015 - 10:24 AM
Reversing won't help, I have already looked into the decrypter. The key is what is important, and each decrypter has a key related to the victim.
Posted 18 May 2015 - 02:08 AM
I sent you an email this morning with one of the affected files and the RSA key. I am unable to decrypt the file by using the CryptoUnlockerGUI.exe software. Could you please assist me to decrypt the files?
Posted 21 May 2015 - 09:15 PM
Hi, thanks so much for the above info. It looks like our home computer has been affected by this virus; the AFP infringement notice is identical to the one we got on 12/5/15.
My wife and I were devastated at losing all our photos of kids and family etc. for the last 8 years. Our backup was connected at the time and we didn't make any restore points etc. We resisted trying to pay the ransom.
I have found similar files to those below on my PC, except the string 'iwymyzucasakodon' is different. I entered the string into Google and found the details of the virus on another malware site. (Haven't got the actual details on hand at the moment but I can post them if it helps.)
Do these hint at any decryption keys or methods or provide positive ID of the virus program?
Please, if anyone finds a way to decrypt these files, let me know.
Posted 21 May 2015 - 09:23 PM
Posted 24 May 2015 - 07:42 AM
Like many, my files were infected sometime in February by the strong encryption with RSA-2048 using CryptoWall 3.0. I removed the virus, but the encryption obviously remains on my files. I submitted a sample file using the link above, but am unsure of next steps (or perhaps even first steps if submitting a sample really isn't a step one). Any help would be appreciated. I was following this thread very loosely (http://www.bleepingcomputer.com/forums/t/561970/new-pclock-cryptolocker-ransomware-discovered/page-68), but with 68 pages I'm unsure if I missed an important thing to try or not.
Posted 24 May 2015 - 07:54 AM
Posted 24 May 2015 - 07:56 AM
Thanks so much Quietman7. I apologize for the newbie first post!
Posted 24 May 2015 - 07:59 AM
Posted 03 June 2015 - 07:35 AM
Hi Quietman7, I have sent a file from the C:\ProgramData\abekelataheficij folder, which I suspected is part of the ransomware, as well as an encrypted file. I have the ransomware carrier email and file on iPhone email, but I am hesitant to send it to my PC to upload it here.
Thanks for any help you can give!
Posted 10 June 2015 - 10:19 AM
Hi everybody, one of my network's PCs is affected by Crypt0L0cker ...
Is there any news about the possibility of decrypting files?
Posted 10 June 2015 - 01:37 PM
At this time there is no known way to decrypt your files for free. It is suggested that you restore your files from backup, and if that is not an option, attempt to use recovery software to recover your files.