Sure software that resolves cryptolocker ransomware virus


15 replies to this topic

#1 Cylle001

  • Members

Posted 30 January 2016 - 10:21 AM

Hello everyone. I'm cylle. And yes I'm very new here.

I would like to ask for your help guys. About this ransomware virus. The cryptolocker. That if you know a certain software (hopefully something I can just get online and free.. hehe) that is sure to recover the files that I've lost.

They are important files and photos that I have kept for years. Please please please help me retrieve those. Thank you..



#2 quietman7

    Bleepin' Janitor

  • Global Moderator

Posted 30 January 2016 - 12:22 PM

Whether you can recover (decrypt) your files or not depends on what ransomware infection you are dealing with. All crypto malware ransomware use some form of encryption algorithms; most of them are secure, but others are not. The possibility of decryption depends on how thorough the malware creator was, what algorithm the creator utilized for encryption and discovery of any flaws.

Are there any file extensions appended to your files...such as .ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc, .vvv, .xxx, .ttt, .micro, .encrypted, .locked, .crypto, _crypt, .crinf, .r5a, .XRNT, .XTBL, .crypt, .R16M01D05, .pzdc, .good, .LOL!, .OMG!, .RDM, .RRK, .encryptedRSA, .crjoker, .EnCiPhErEd, .LeChiffre, .keybtc@inbox_com, .0x0, .bleep, .1999, .vault, .HA3, .toxcrypt, .magic, .CTBL, .CTB2, or 6-7 length extension consisting of random characters?

BTW...these are some tools to help prevent ransomware.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
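
Added example, not part of the original thread or written by any of its posters: a small Python triage helper that checks a file listing against the extensions quoted in post #2, including the "6-7 random characters" case. The sample paths, the `ORDINARY` allowlist and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Extensions quoted in post #2 above, compared case-insensitively.
LISTED = """.ecc .ezz .exx .zzz .xyz .aaa .abc .ccc .vvv .xxx .ttt .micro
.encrypted .locked .crypto _crypt .crinf .r5a .XRNT .XTBL .crypt .R16M01D05
.pzdc .good .LOL! .OMG! .RDM .RRK .encryptedRSA .crjoker .EnCiPhErEd
.LeChiffre .keybtc@inbox_com .0x0 .bleep .1999 .vault .HA3 .toxcrypt .magic
.CTBL .CTB2""".lower().split()

# Heuristic for the "6-7 length extension consisting of random characters" case.
RANDOM_LIKE = re.compile(r"\.[a-z0-9]{6,7}$")
# Assumption: a small allowlist of ordinary 6-7 character extensions.
ORDINARY = {".sqlite", ".config", ".backup", ".torrent"}


def classify(path):
    """Return ("listed" | "random-like", suffix) for a suspicious name, else None."""
    name = re.split(r"[\\/]", path)[-1].lower()  # accept Windows or POSIX paths
    for ext in LISTED:
        if name.endswith(ext) and len(name) > len(ext):
            return ("listed", ext)
    m = RANDOM_LIKE.search(name)
    if m and m.group(0) not in ORDINARY:
        return ("random-like", m.group(0))
    return None


def triage(paths):
    """Count hits per suffix; many files sharing one suffix is the useful signal."""
    return Counter(hit for hit in map(classify, paths) if hit)


# Constructed sample listing (not taken from the thread).
SAMPLE = [
    r"C:\Users\pat\Pictures\rome.jpg.micro",
    r"C:\Users\pat\Pictures\family.png.micro",
    r"C:\Users\pat\Documents\invoice.pdf.encrypted",
    r"C:\Users\pat\Documents\plan.docx.qkzvwma",
    r"C:\Users\pat\Documents\notes.txt",
    r"C:\Users\pat\AppData\places.sqlite",
]

if __name__ == "__main__":
    for (kind, ext), count in triage(SAMPLE).most_common():
        print(f"{count:3d}  {ext:14s} {kind}")
```

Some listed suffixes, such as .xyz, .abc or .good, also occur on ordinary files, so a single hit is a lead for identifying the infection rather than a verdict.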

#3 eznetso

  • Members

Posted 30 January 2016 - 12:42 PM

Thank you for the list of extensions, that's very helpful. I have read on blog after blog about the software to protect against the cryptolocker / cryptowall; however, I have yet to find anything regarding restoring files or resolving the issue short of wiping the machine, and being better prepared next time. Is there anything out there in the community that can help when someone finds themselves in the position of already having the locker, other than pay the ransom or lose your data?



#4 quietman7

Posted 30 January 2016 - 03:22 PM

As with most ransomware infections...the best solution for dealing with encrypted data is to restore from backups. Most ransomware infections will delete all Shadow Volume Copies so that you cannot restore your files via System Restore, native Windows Previous Versions or using a program like Shadow Explorer...but it never hurts to try in case the infection did not do what it was supposed to do. It is not uncommon for these infections to sometimes fail to properly delete Shadow Volume Copies. In some cases, using file recovery tools such as R-Studio or Photorec to recover some of your original files may be helpful, but there is no guarantee that will work.

If that is not a viable option and if there is no fix tool, the only other alternative is to save your data as is and wait for a possible breakthrough...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a possible solution so save the encrypted data and wait until that time.

Grinler, (aka Lawrence Abrams), the site owner of Bleeping Computer has said this...

If you are affected by ransomware and do not plan on paying the ransom, the best bet is to immediately image the drive before doing anything else. Then in the future if there is a way to decrypt the files you have everything you may need to do so.



#5 Cylle001


Posted 31 January 2016 - 09:16 AM

Woah.. thank you so much for your responses. I will check out these. This site is awesome

#6 quietman7

Posted 31 January 2016 - 09:28 AM

You're welcome.

#7 TheITGUI

  • Members

Posted 03 February 2016 - 08:42 AM

It's not going to help you after the fact, but I use Rollback Rx as a preventative measure to recover files after I recover from Cryptolocker or other malicious attacks.

#8 quietman7

Posted 03 February 2016 - 08:45 AM

In regards to Rollback Rx...anyone interested should read this discussion topic: System Restore..Alternative !.

#9 pakal

  • Members

Posted 05 February 2016 - 04:34 AM

Hello folks, I'm the responsible of a little computer assistance company in Rome and I'm receiving a lot of calls from customers in Rome that are affected by ransomware these days. I have a laptop here being affected by crypt0l0cker; is there a tool like the tesla decrypt tool for crypto?

image.jpg

Unfortunately the hard drive is although damaged so I can't retrieve files with .encrypted extension, I was only able to get a screenshot of the txt file above.

These days ransomware is spreading a lot!!

#10 quietman7

Posted 05 February 2016 - 07:03 AM

...I have a laptop here being affected by crypt0l0cker; is there a tool like the tesla decrypt tool for crypto?...Unfortunately the hard drive is although damaged so I can't retrieve files with .encrypted extension.

Unfortunately, decryption of Crypt0L0cker (TorrentLocker)...is impossible since there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. The only methods you have of restoring your files are from backup, file recovery tools, or from Shadow Volume Copies as explained in the FAQ: How to restore files encrypted by TorrentLocker...but there is no guarantee that will work.

However, you may want to read this BC News article: Dr.Web quietly decrypting TorrentLocker for paid customers or distributors.
Updated policy from Dr.Web (11/25/15): Free file decryption assistance only for PCs protected by Dr.Web at the moment of infection

A repository of all current knowledge regarding Crypt0L0cker (TorrentLocker) is provided by Grinler (aka Lawrence Abrams), in this topic: TorrentLocker (fake CryptoLocker) Ransomware Information Guide and FAQ. There are ongoing discussions in these topics where you can ask questions and seek further assistance.

#11 pakal

Posted 05 February 2016 - 08:29 AM

Really kind of you to give me such an exhausting reply, in the meanwhile during my answer here another client just called me with another infection this time .micro I will get hands on it Monday, I have mailed with an Internet site that says that they are able to encrypt files with cryptlocker virus, they asked for money to this for sure, could it be possible??

#12 pakal

Posted 05 February 2016 - 08:38 AM

This content was inside the .zip, I opened it with iPhone :)


image.jpg

It was sent by email

#13 Demonslay335

    Ransomware Hunter

  • Security Colleague

Posted 05 February 2016 - 08:39 AM

@pakal

TeslaCrypt 3.0 encrypts with the .micro extension. Refer to the news article for more information. There is no solution at this time.

TeslaCrypt 3.0 Released with Modified Algorithm and .XXX, .TTT, and .MICRO File Extensions

There are a few scams going around right now with promises of decryption, but I can assure you, there is no way to decrypt files from Crypt0L0cker (TorrentLocker) or TeslaCrypt 3.0 at this time. The only place you can pay is the malware developer, which only funds their criminal activities.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#14 quietman7

Posted 05 February 2016 - 09:05 AM

...in the meanwhile during my answer here another client just called me with another infection this time .micro I will get hands on it Monday, I have mailed with an Internet site that says that they are able to encrypt files with cryptlocker virus, they asked for money to this for sure, could it be possible??

I doubt it. As noted by Demonslay335, there is no way of decrypting TeslaCrypt 3.0 variants at this time. Please read BloodDolly's reply in Post #1451.

A repository of all current knowledge regarding TeslaCrypt, Alpha Crypt and newer variants is provided by Grinler (aka Lawrence Abrams), in this topic: TeslaCrypt and Alpha Crypt Ransomware Information Guide and FAQ

#15 pakal

Posted 05 February 2016 - 09:28 AM

The organization that I mailed to this morning told me that they are able to decrypt files with decryp0l0cker infection...if you want I give you the contact in pvt. They specified that they are only able at this moment to decrypt only decrypt0locker.



