help


  • This topic is locked
3 replies to this topic

#1 merauder99

merauder99

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 01 November 2015 - 09:40 AM

Hello,

Where can I find the key information used to encrypt my files with cryptolocker?  I cannot find a key.dat file anywhere, and that web site fire-eye is no longer available.

Please help.

 




 


#2 White Hat Mike

White Hat Mike

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:::1
  • Local time:01:29 PM

Posted 01 November 2015 - 09:53 AM

Hello,

Where can I find the key information used to encrypt my files with cryptolocker?  I cannot find a key.dat file anywhere, and that web site fire-eye is no longer available.

Please help.

 

 

Can you be more specific?  What ransomware variant are you infected with?  Many people refer to the malware classification "ransomware" as "CryptoLocker" due to the popularity/media attention it received.  Are you looking for an old TeslaCrypt decryption utility?


Information Security Engineer | Penetration Tester | Forensic Analyst

CipherTechs.com


#3 merauder99

merauder99
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 01 November 2015 - 02:21 PM

I have files encrypted with a ccc extension.  The html file asking for the ransom is howto_recover_file_qyydf.  How do I tell if this is a new or old version?  The virus software reported it as Ransom!remnant or Filecoder.EM



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:29 PM

Posted 01 November 2015 - 07:01 PM

I have files encrypted with a ccc extension.  The html file asking for the ransom is howto_recover_file_qyydf.  How do I tell if this is a new or old version?  The virus software reported it as Ransom!remnant or Filecoder.EM

I have already replied to you in this topic as well as this one.

Earlier variants stored the private key as data files (key.dat) on the local disk, which enabled victims to decrypt their files with the locally stored private key using Cisco's Talos Group decryptor tool for TeslaCrypt or BloodDolly's TeslaDecoder.

These new variants no longer store any data files on the local disk, and information stored in the registry as binary data only contains public keys and each shared secret. That is why you cannot find it.

There is an ongoing discussion in this topic:

As I said previously...rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion. To avoid unnecessary confusion...this topic is closed.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




