
Sites using Dr.Web's TorrentLocker decryption taking advantage of victims


14 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:30 PM

Posted 28 August 2015 - 09:52 AM

As reported earlier this week, Dr.Web has been able to decrypt TorrentLocker files for quite some time, but only for licensed customers. It appears they have also offered this service to their distributors and partners in order to help their clients. In the past, the distributors and partners that we have seen promoting this decryption service have been offering it for free. Today, a member notified us that a web site based out of Spain is advertising these same services for 165 to 225 Euros depending on the particular victim.

A web site based out of Spain appears to be offering TorrentLocker and Crypt0L0cker decryption services for 165 to 225 Euros. Though there is nothing that specifically states that this site is a Dr.Web partner, there are many posts about Dr.Web on the site that lead us to believe that they may be affiliated in some way. This site is claiming to be able to decrypt TorrentLocker/Crypt0L0cker files within 48 hours. If they are successful, they require a fee of 165 to 225 dollars. This is a large amount of money considering that Dr.Web offers the same services for any licensed owner of their software, which is considerably cheaper.
 



Furthermore, it has been reported that a site that we previously reported was decrypting for free, and admits to using Dr.Web for the decryption, is now charging 70 Euros to receive the Dr.Web tool and decryption key. It is a shame that these companies are taking advantage of TorrentLocker victims by charging a lot of money when a victim can purchase Dr.Web for 30 USD and get the same services as part of their license.

Hopefully Dr.Web will begin to crack down on these sites who are using their services and taking advantage of their customers.



#2 Gorbulan

Gorbulan

  • Members
  • 832 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 28 August 2015 - 10:16 AM

165 - 225 dollars? Isn't it usually cheaper to pay the criminals who make the crypto virus?



#3 colataroc

colataroc

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 28 August 2015 - 10:28 AM

165 - 225 dollars? Isn't it usually cheaper to pay the criminals who make the crypto virus?

 

Yep, but a Dr.Web license is just about 30 USD.



#4 Gorbulan

Gorbulan

  • Members
  • 832 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 28 August 2015 - 10:47 AM

 

165 - 225 dollars? Isn't it usually cheaper to pay the criminals who make the crypto virus?

 

Yep, but a Dr.Web license is just about 30 USD.

 

 

Wow. So these other sites are profiting off of crypto locker victims the same way the crypto locker writers are. How awful.



#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:03:30 PM

Posted 28 August 2015 - 12:23 PM

165 - 225 dollars? Isn't it usually cheaper to pay the criminals who make the crypto virus?


It's in euro, so pretty much $184-251 USD.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 Gorbulan

Gorbulan

  • Members
  • 832 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 28 August 2015 - 12:36 PM

 

165 - 225 dollars? Isn't it usually cheaper to pay the criminals who make the crypto virus?


It's in euro, so pretty much $184-251 USD.

 

 

That's even worse than the thing I said!



#7 rayy1212

rayy1212

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 28 August 2015 - 12:53 PM

The way I see it is you're paying an honest person to remove something for good, rather than

 

a. fund terrorism

b. pay for a service that the provider could revoke at any given time when they need more cash for weapons.

c. feel terrible that you've contributed to the deaths of hundreds of people

d. all of the above



#8 GT500

GT500

    Authorized Emsisoft Representative


  • Security Colleague
  • 132 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Fortville, Indiana, USA
  • Local time:03:30 PM

Posted 28 August 2015 - 01:12 PM

Thanks for the post, Lawrence. Seems there's always someone looking to make a quick buck off of other people's misery.

For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...


#9 USASAgencyman

USASAgencyman

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NE FL
  • Local time:04:30 PM

Posted 29 August 2015 - 10:23 AM

(Re-posting with specific questions)

 

Disregard.


Edited by USASAgencyman, 30 August 2015 - 03:00 AM.


#10 Wallak

Wallak

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Zaragoza, Spain
  • Local time:09:30 PM

Posted 29 August 2015 - 07:21 PM

It's been nearly 4 months since I talked about Dr.Web's solution for some trojan encoders, including TorrentLocker, but nobody listened to me. And here, in Spain, there is not only ONE company offering those services; there are more, I can assure you. I personally talked to Mr. Sharov, Dr.Web's CEO, about their partners' and distributors' services and he seemed to be surprised; he said that they accept their partners applying an extra 'charge', but not that one. At the moment, their official channel partner still gives abusive services (forces you to change all active antivirus at the company to Dr.Web's one, 100 to open a support ticket, etc...), all NOT legal and without permission of Dr.Web. Anyway, it's nothing new; we said all about it on our website (yes, in Spanish) in April-May, when there was a secure solution for that TorrentLocker (trojan.encoder.761 for Dr.Web). Best Regards.

Wallak (aka Alik)

My name is Alik

 

IT Specialist, SPAIN


 


#11 little little

little little

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Indonesia
  • Local time:08:30 PM

Posted 30 August 2015 - 02:02 AM

Why can't I use it?

#12 colataroc

colataroc

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 30 August 2015 - 02:11 AM

Crypt0L0cker is identified by Dr.Web as Trojan.Encoder.225.
I bought the service and everything worked. It saved months of my company's accounting.

#13 USASAgencyman

USASAgencyman

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NE FL
  • Local time:04:30 PM

Posted 30 August 2015 - 03:18 AM

I have been under the impression that one cannot decrypt a set of files encrypted by Torrentlocker, (now Crypt0l0cker), without having their secret keys.   At least for 35 years or so of heavy computing.  

 

Has it been discovered they are only pseudo-encrypted?  Or:

 

Did Dr. Web rescue the keys from the TorrentLocker servers?

 

So far, none of my clients have been hit with any of these, but I need to stay informed.



#14 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:30 PM

Posted 30 August 2015 - 09:35 AM

I have been under the impression that one cannot decrypt a set of files encrypted by Torrentlocker, (now Crypt0l0cker), without having their secret keys.   At least for 35 years or so of heavy computing.  
 
Has it been discovered they are only pseudo-encrypted?  Or:
 
Did Dr. Web rescue the keys from the TorrentLocker servers?
 
So far, none of my clients have been hit with any of these, but I need to stay informed.


Dr.Web is silent on how they can decrypt and on the fact that their partners/affiliates/distributors abuse this practice.

#15 USASAgencyman

USASAgencyman

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NE FL
  • Local time:04:30 PM

Posted 30 August 2015 - 10:14 AM

Perhaps it is as simple as a mole and pipeline.  :)





