Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Got infected with what I believe to be Cryptolocker years ago, any help?


  • This topic is locked This topic is locked
4 replies to this topic

#1 datachilds

datachilds

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 12 August 2016 - 01:18 PM

Hello!

 

I got infected with Cryptolocker a few years ago. I missed sending a file to the fireeye.com by a few months after I had already given up all hope. I missed the window of the site being up and operational by seriously like, 2 months.

I have a ton of my (currently 5 year old) sons pictures when he was a child that are currently encrypted. 

I was searching the internet and saw a few posts about some of the ransomware creators feeling bad and uploading decryption tools. However, it appears my infection is not the same one.

 

 

Is there anything I can do? 

Here is a for sure infected file: https://www.dropbox.com/s/pgc94my4kp2t0x3/Thyrfing__1.jpg?dl=0

And here is an original file: https://www.dropbox.com/s/d5he9pqxckrun4j/Thyrfing__1%28original%29.jpg?dl=0

 

Any help I would definitely owe you guys one.

I appreciate your time!



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:05 PM

Posted 12 August 2016 - 01:25 PM

I think your best bet would be to contact FireEye or FoxIT directly. They might still have the 50,000 keys they confiscated (I can't believe they would just delete them) and could probably tell you what's yours.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 datachilds

datachilds
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:05 PM

Posted 12 August 2016 - 01:31 PM

Just did. Thank you for the quick reply and amazing advice!



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:05 PM

Posted 12 August 2016 - 01:56 PM

No problem :) If you can, please let us know how it goes. I'm curious to know whether or not they'll accept requests like this.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:05 PM

Posted 15 August 2016 - 06:15 PM

All discussion in regards to the original Cryptolocker infection can be found here. Other victims have been directed there to share information, experiences and suggestions.Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users