
CryptoLocker (Brasil)


  • This topic is locked
6 replies to this topic

#1 Fernandao

Fernandao

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:54 PM

Posted 26 December 2016 - 10:47 AM

Good Afternoon, 

 

This morning I was affected by CryptoLocker. It encrypted all of my files and doesn't let me get access to them. Now it's asking for money to give back my files. I am not paying, that is for sure, because I have no guarantee that they will give back all of my files; plus, I hear that once they get paid they ask for more on other computers around here where it attacked.

 

Do you have any advice to help me get my files back?

 

Thank you so much, 

 

Fernando Prevedello

(fernandoprevedello@yahoo.com.br)




 


#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,513 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:54 AM

Posted 26 December 2016 - 10:49 AM

The first step is to identify what ransomware it is. The original CryptoLocker has been dead since 2013; there are only copycats going around sometimes.

 

Upload a ransom note and encrypted file to ID Ransomware (link in my signature) to identify. If it is unable to identify, post the SHA1 it gives you so I can manually look at the files. Otherwise, it will give you a link to more information and a clear-cut answer on whether the ransomware is decryptable.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 Fernandao


Posted 26 December 2016 - 11:25 AM

1 Result
PClock (Updated)
 This ransomware has no known way of decrypting data at this time.

It is recommended to backup your encrypted files, and hope for a solution in the future.

Identified by

  • ransomnote_filename: Your files are locked !!!!!.txt
  • ransomnote_email: sysgop02@india.com

 

Click here for more information about PClock (Updated)


#4 Fernandao


Posted 26 December 2016 - 01:05 PM

Name: CV Fernando Prevedello.doc
Date: 26/12/2016
Size: 56 KB (57,856 bytes)
--------
SHA-1: e4bc652a124f77ac44ca0f40c366bbb2ee95e333
MD5: 913da35d7e26dcaa6d4a857b3444f413
CRC32: b0c1c6e5
 
Sorry Demonslay, is this what you want?


#5 Demonslay335


Posted 26 December 2016 - 01:11 PM

No. ID Ransomware identified your case so there is no need for a SHA1 (it is a hash of the case ID to protect privacy).

 

Since it was identified as PClock, then as I stated before (and as ID Ransomware tells you), it is not decryptable. See the article link it gave you for more information.

 

http://www.bleepingcomputer.com/news/security/old-cryptolocker-copycat-named-pclock-resurfaces-with-new-attacks/




#6 Fernandao


Posted 26 December 2016 - 01:20 PM

So, there's nothing I can do for the time being, only save my files and wait. 

 

Thank you very much Demonslay, next time I will have a backup ;)



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:54 AM

Posted 26 December 2016 - 02:39 PM

In cases where there is no workable free decryption fix tool and victims are not willing to pay the ransom, the only other alternative is to back up/save your data as is and wait for a possible breakthrough... meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution, so save the encrypted data and wait until that time. Imaging the drive backs up everything related to the infection, including encrypted files, ransom notes and registry entries containing possible information which may be needed if a solution is ever discovered. The encrypted files do not contain malicious code so they are safe. Even if a decryption tool is available, it does not always work correctly, so keeping a backup of the original encrypted files and related information is a good practice.

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the below support topic discussion. When or if a solution is found, that information will be provided in that support topic and you will receive notification if subscribed to it. In addition, a news article most likely will be posted on the BleepingComputer front page.

To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
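
A file-level way to apply the preservation advice above, as an added example that is not part of any post in this thread: it copies a folder of encrypted files and ransom notes unchanged, records a SHA-256 manifest, and can later confirm the preserved copies are still intact before any decryption tool is tried on a separate working copy. The function names and the `files/` and `manifest.json` layout are assumptions; it does not replace a full drive image, which also captures registry entries.

```python
import hashlib
import json
import shutil
from pathlib import Path

# Ransom note filename reported by ID Ransomware in this thread (compared lowercase).
NOTE_NAMES = {"your files are locked !!!!!.txt"}

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()

def preserve(src, dest):
    """Copy every file under src to dest/files unchanged and write a manifest."""
    src, dest = Path(src).resolve(), Path(dest).resolve()
    if dest == src or src in dest.parents:
        raise ValueError("dest must be outside src (ideally on another drive)")
    manifest = []
    for p in sorted(src.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(src)
        target = dest / "files" / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(p, target)  # copy2 also keeps the original timestamps
        manifest.append({
            "path": rel.as_posix(),
            "size": target.stat().st_size,
            "sha256": sha256_of(target),
            "ransom_note": p.name.lower() in NOTE_NAMES,
        })
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def verify(dest):
    """Return paths whose preserved copy is missing or no longer matches."""
    dest = Path(dest)
    manifest = json.loads((dest / "manifest.json").read_text())
    bad = []
    for entry in manifest:
        copy = dest / "files" / entry["path"]
        if not copy.is_file() or sha256_of(copy) != entry["sha256"]:
            bad.append(entry["path"])
    return bad
```

Run `preserve()` once against the affected folder, store the result offline, and run `verify()` before and after any future decryption attempt to confirm the preserved originals were never altered.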
