Hello all, I have recently discovered a network share that has been encrypted by Cryptolocker (.encrypted file extn) on investigation my predecessor discovered a Cryptolocker infection on 24/9/2014 but did not check all the file shares that the user had access too. the virus was cleaned up, restores made from the (rudimentary) backups but this particular share was forgotten.
Fast forward to last week and someone actually went into the share in question (first time since its encryption) and then reported to me the status of the files. - These files are historical but contain some crucial legal documentation relating to the organisation.
Ah-ha I thought, ill just head over to www.decryptcryptolocker.com and grab a key to decrypt - NOPE - the site is offline and no chance of it returning
I have spoken to FireEye Australia who were unwilling to assist
I have submitted files to DrWeb - no response
I have emailed Fox-It - waiting for a response
I have located the site here - https://zar.sge.gov.tr/UploadSample/ZararliYazilimYukle which seems to suggest they can help but it doesnt work for me
Would any of the Gurus here have any suggestions as to where i can go from here ?
Thanks in advance