Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Cryptolocker - Discovered some encrypted files created 2014

  • This topic is locked This topic is locked
1 reply to this topic

#1 craiggc


  • Members
  • 10 posts
  • Local time:05:30 AM

Posted 08 February 2016 - 08:15 PM

Hello all,  I have recently discovered a network share that has been encrypted by Cryptolocker (.encrypted file extn) on investigation my predecessor discovered a Cryptolocker infection on 24/9/2014 but did not check all the file shares that the user had access too. the virus was cleaned up, restores made from the (rudimentary) backups but this particular share was forgotten.


Fast forward to last week and someone actually went into the share in question (first time since its encryption) and then reported to me the status of the files. - These files are historical but contain some crucial legal documentation relating to the organisation.


Ah-ha I thought, ill just head over to www.decryptcryptolocker.com and grab a key to decrypt - NOPE  :unsure: - the site is offline and no chance of it returning


I have spoken to FireEye Australia  who were unwilling to assist

I have submitted files to DrWeb - no response 

I have emailed Fox-It - waiting for a response 

I have located the site here - https://zar.sge.gov.tr/UploadSample/ZararliYazilimYukle which seems to suggest they can help but it doesnt work for me


Would any of the Gurus here have any suggestions as to where i can go from here ?



Thanks in advance


BC AdBot (Login to Remove)



#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 50,715 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:30 PM

Posted 08 February 2016 - 09:04 PM

In August 2014, we launched our website to help the victims of the CryptoLocker malware. We are happy to have helped more than five thousand individuals and small businesses.

CryptoLocker, unfortunately, has inspired criminals all over the world. We have seen more than 20 copycat ransomware attacks since the original CryptoLocker, some of which use the same name, modus operandi and layout as the original CryptoLocker. We believe that our Decryptolocker site has served its purpose, and we have decommissioned it given that the threat landscape has evolved.

FireEye/Fox-IT Decryptolocker site

There are ongoing discussions in these topics where you can ask questions and seek further assistance.Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users