Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cryptolocker decrypt


  • This topic is locked This topic is locked
4 replies to this topic

#1 Bralmo28

Bralmo28

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 02 September 2016 - 04:01 AM

Hi,

I just got my computer infected with cryptolocker and i get rid off the virus but my files is still cant open my files . Anyone know how recover my old files from laptop.


Edited by hamluis, 02 September 2016 - 03:56 PM.
Moved from AII to Ransomware - Hamluis.


BC AdBot (Login to Remove)

 


#2 cybercynic

cybercynic

  • Members
  • 562 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Edge Of Tomorrow
  • Local time:05:35 AM

Posted 02 September 2016 - 04:41 PM

Cryptolocker is dead and gone. Maybe you have Crypt0l0cker - a different ransomware.

 

Find out what you do have by uploading an encrypted file and the ransom note here: https://id-ransomware.malwarehunterteam.com/

 

The site will attempt to make a positive ID of your ransomware, and give you guidance on what to do next.


We are drowning in information - and starving for wisdom.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:35 AM

Posted 02 September 2016 - 05:15 PM

As noted by cybercynic...the original CryptoLocker Ransomware which first appeared in the beginning of September 2013...does not exist anymore and hasn't since June 2014. There are many copycat ransomware variants which pretend to be or use the CryptoLocker name but those infections are not the same.
More information is needed to determine what infection you are dealing with since there are many variants of crypto malware ransomware.

Are there any obvious file extensions appended to or with your data files?

Did you find any ransom notes? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. Check your documents folder for an image the malware typically uses for the background note. Check the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a randomly named .html, .txt, .png, .bmp, .url file. Most ransomware will also drop a ransom note in every directory/affected folder where data was encrypted.

You should submit samples of encrypted files and ransom notes to ID Ransomware for assistance with identification as suggested above. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further assistance. If ID Ransomware cannot identify the infection, you can post the case SHA1 it gives you in your next reply for Demonslay335 to manually inspect the files.

You can also submit samples of encrypted files, ransom notes, email or/and website address you see in the RANSOM DEMAND to No More Ransom Crypto Sheriff for assistance with identification and possible decrypting solutions. If you are provided any information it would be helpful to post it here for Demonslay335 to review.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Bralmo28

Bralmo28
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 04 September 2016 - 02:47 AM

 I have checked to see what virus i have and it was crypt0l0cker. I did find ransom notes and but i still cant work out how to decrypt my effected files. I didnt have a back up and have tried to restore from a previous time but it didnt work. Please help.



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:35 AM

Posted 04 September 2016 - 06:46 AM

A repository of all current knowledge regarding Crypt0L0cker (TorrentLocker) is provided by Grinler (aka Lawrence Abrams), in this topic: TorrentLocker (fake CryptoLocker) Ransomware Information Guide and FAQ

Unfortunately, decryption of Crypt0L0cker (TorrentLocker)...is not possible since there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. The only methods you have of restoring your files is from backup, file recovery software, or from Shadow Volume Copies as explained in the FAQ: How to restore files encrypted by TorrentLocker...but there is no guarantee that will work.

However, some victims have advised that Dr.Web was able to assist them with decrypting files...you may want to read this BC News article: Dr.Web quietly decrypting TorrentLocker for paid customers or distributors.
Updated policy from Dr.Web (11/25/15): Free file decryption assistance only for PCs protected by Dr.Web at the moment of infectionThere is an ongoing discussion in this topic where you can ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users