You are most likely dealing with a newer variant of CTB Locker
(aka Critroni, Onion) ransomware. Any files that are encrypted with CTB Locker will have a 6-7 length extension consisting of random characters
such as these .uogltic, .rtrsxox, .phszfud
, etc. This extension is believed to be generated as a result of some type of algorithm involved at the time of the initial infection.
CTB Locker will leave files (ransom notes) with names like DecryptAllFiles.txt and DecryptAllFiles_<user name>.txt that contains ransom instructions but the newer variants do not always leave a ransom note if the malware fails to change the background like it typically does. An AllFilesAreLocked_<user name>.bmp image file may be left in the My Documents folder which contains further instructions on how to pay the ransom. The developers of CTB Locker provide instructions to download and use a TOR web site, then open an onion related url address such as...hxxp://zaxseiufetlkwpeu.onion/, hxxp://43qzvceo6ondd6wt.onion/...see here
A repository of all current knowledge regarding CTB Locker
(Critroni, Onion) is provided by Grinler
(aka Lawrence Abrams), in this topic: CTB Locker and Critroni Ransomware Information Guide and FAQ
Unfortunately at this time there is no fix tool and decryption of CTB Locker...is impossible
since there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. The only methods you have of restoring your files is from backup, file recovery tools, or from Shadow Volume Copies as explained in the FAQ: How to restore files encrypted by CTB Locker
...but there is no guarantee that will work.
As with most ransomware infections...the best solution for dealing with encrypted data is to restore from backups
. If that is not a viable option, the only other alternative is to save your data as is and wait for a possible breakthrough...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a possible solution so save the encrypted data and wait until that time.
There is an ongoing discussion in this topic where you can ask questions and seek further assistance:
Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that support topic discussion. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.
The BC Staff