This ransomware infection came in an email from AGL (an Australian Gas Company) who we use. My wife didn't know it was a fake and we only got a warning email about it this morning, 2 days after infection.
Each folder has encrypted files and this txt message is included in each folder that contains encrypted files:-
!!! WE HAVE ENCRYPTED YOUR FILES WITH Crypt0L0cker !!!
Your important files (including those on the network disks, USB, etc): photos,
videos, documents, etc. were encrypted with our Crypt0L0cker. The only way to
get your files back is to pay us. Otherwise, your files will be lost.
You have to pay us if you want to recover your files.
In order to restore the files open our website
and follow the instructions.
If the website is not available please follow these steps:
1. Download and run TOR-browser from this link: https://www.torproject.org/download/download.html.en
2. After installation run the browser and enter the address: http://de2nuvwegoo32oqv.onion/aydd85j.php?user_code=1zg3ybi&user_pass=3840
3. Follow the instructions on the website.
I did a post (uploads) on this site:- ID Ransomware and this is the result:-
1. Crypt0L0cker - This ransomware has no known way of decrypting data at this time. (I'm backing all the encrypted files up for future use (hopefully))
2. KeRanger - This ransomware is decryptable!
Note:- All File Shadow Copies have been disabled.
Note:- Restore Previous Versions have also been disabled
Note:- Windows 8.1
Note:- I did note that .png files are not affected if that is helpful in working out what variant we are stuck with.
Can anyone please help?