Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What is alternative to DecryptCryptoLocker site and its assoc decryption service


  • This topic is locked This topic is locked
1 reply to this topic

#1 iam35

iam35

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 29 September 2016 - 05:19 AM

Where can I find an alternative to the DecryptCryptoLocker website and its associated decryption service?

 

Quote; "FireEye is no longer providing decryption solutions for CryptoLocker

... we have discontinued the DecryptCryptoLocker website and its associated decryption service"

 

I need to find a reliable way to decrypt and restore my  lost files and emails[attachment=185312:16-09-28 Fake AusPOST VIRUS invasion with Crypt0L0cker Virus demanding money to UNLOCK.doc][attachment=185312:16-09-28 Fake AusPOST VIRUS invasion with Crypt0L0cker Virus demanding money to UNLOCK.doc]

_________________________________________________________________

 

A Fake AUSPOST VIRUS appeared in my Inbox under genuine-looking AUSPOST LOGO. It came into my Windows LiveMail Inbox with the date (either 27th or) 28th September, 2016 purporting to be an AUSPOST Parcel Notice email dated 21Sep16 that referred to a failed delivery dated 19Sep16.It requested the download and copying of the tracking document for presentation at my local (Australia Post) delivery centre.

 

 It was due to invasion with Crypt0L0cker Virus that announced itself as having encrypted my "IMPORTANT FILES" and demanding money to UNLOCK them (see the two files copied below). Within a few minutes ALL of my email accounts and 9 months contents were removed - they had DISAPPEARED from Windows LIVEMAIL.

 

This File appeared in my database at 11:14 am Wed 28Sep16 as a result of invasion with Crypt0L0cker Virus (demanding money to UNLOCK).

 

See some of the story here:

http://www.cso.com.au/article/562658/over-9-000-pcs-australia-infected-by-torrentlocker-ransomware/

 

This email self-erased before I could make a screen print of its contents

 

All my Windows LIVEMAIL email records have disappeared. Gone are several email accounts that Livemail managed. This means that I have LOST the CONTENTS of their INBOXES and ALL the usual folders plus ALL MY PERSONAL and BUSINESS FOLDERS ie EVERY EMAIL except those in the Windows LIVEMAIL STORAGE FOLDERS the contents of which are around at least 9 months old. At that time I gave up using the fairly useless Windows Live Storage Folders system because when I transferred the contents to a new partition (because of my Windows 7 in a 64 GB SSID becoming full up due partly to 7 GB of old emails) I discovered the names of the folders were corrupted and truncated into 15 characters thus affecting any efficiency in locating old emails by folder.

 

Here is the content of two of seven files that invaded my database at 11:14 am on Wednesday 28Sep16:

 

1st  Path > D:\-                      DELL MY Documents 26Jul16\-          

16-09-28 VIRUS - AUSPOST email INFO\Cryptolocker VIRUS- added these FILES 28Sep16\HOW_TO_RESTORE_FILES.html (if image does not open maybe [attachment=185312:16-09-28 Fake AusPOST VIRUS invasion with Crypt0L0cker Virus demanding money to UNLOCK.doc][attachment=185312:16-09-28 Fake AusPOST VIRUS invasion with Crypt0L0cker Virus demanding money to UNLOCK.doc] 

 

 

 

 

 

2nd Path > D:\-                      DELL MY Documents 26Jul16\-          

16-09-28 VIRUS - AUSPOST email INFO\Cryptolocker VIRUS- added these FILES 28Sep16\

File Name:  "HOW_TO_RESTORE_FILES.txt

 

===============================================================================

            !!! WE HAVE ENCRYPTED YOUR FILES WITH Crypt0L0cker !!!

===============================================================================

 

Your important files (including those on the network disks, USB, etc): photos,

videos, documents, etc. were encrypted with our Crypt0L0cker. The only way to

get your files back is to pay us. Otherwise, your files will be lost.

 

You have to pay us if you want to recover your files.

 

In order to restore the files open our website

http://anbqjdoyw6wkmpeu.oldtrees.at/tbn2h8b.php?user_code=xvwqpi&user_pass=6255

and follow the instructions.

 

If the website is not available please follow these steps:

1. Download and run TOR-browser from this link: https://www.torproject.org/download/download-easy.html.en

2. After installation run the browser and enter the address: http://anbqjdoyw6wkmpeu.onion/tbn2h8b.php?user_code=xvwqpi&user_pass=6255

3. Follow the instructions on the website.

 

=============================================================================== "

 

 

 

 

 



BC AdBot (Login to Remove)

 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:58 AM

Posted 29 September 2016 - 06:29 AM

This is not cryptolocker; cryptolocker has been dead for over 2 years.
 
You are infected with Torrentlocker (also known as Crypt0l0cker). While this ransomware is not decryptable for free, many victims have stated Dr. Web was able to decrypt files for a fee (free if you had their product installed before the encryption). I would recommend contacting them. More information is in the support topic.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users