My friend's laptop with Windows XP on it got infected with the Cryptolocker ransomware virus. If anyone has a solution to decrypt the files which are infected and are not opening since the removal of Cryptolocker, please give feedback and I can send / post logs for use if required.
I am very sorry to hear about the difficulties your friend is having.
Encryption infections can do one of the three below:
1. They do not encrypt anything, but change or delete the extension, making the system unable to recognize the type of file.
2. The files are encrypted, but the key did reach one of the Virus Teams from security companies and files can be decrypted with one of the tools that you can find on the internet, or the security suite can also disinfect/decrypt the files affected immediately.
3. The files are encrypted, the key is deleted and they become completely unrecoverable. This is the worst case scenario because without a backup, all your files are completely gone.
Please recommend that your friend install a good security suite that will catch this. The chances are that he doesn't know where he got infected and this only means that he could get it again.
BullGuard removes this infection immediately, so other than the very good article that Bleeping Computer has put up and the tool from Panda, I would not know what to recommend. What is certain is that the longer the infection is allowed to exist, the more damage it will do.
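To tell case 1 in the list above apart from cases 2 and 3, here is an added triage sketch that is not part of the original thread or any vendor's tool: it checks whether a file still begins with its format's well-known signature and, if not, whether its bytes look random. The function names, the 7.5 bits-per-byte threshold, the 2048-byte minimum and the sample data are assumptions made for this example.

```python
import hashlib
import math
from collections import Counter

# Well-known leading signatures of common document formats.
MAGIC = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 (legacy .doc/.xls)",
    b"PK\x03\x04": "ZIP container (.docx/.xlsx)",
    b"%PDF-": "PDF",
    b"\xff\xd8\xff": "JPEG",
    b"\x89PNG\r\n\x1a\n": "PNG",
}
MIN_SAMPLE = 2048   # assumption: below this, entropy is too noisy to judge
THRESHOLD = 7.5     # assumption: bits per byte treated as "looks random"

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; approaches 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data: bytes) -> str:
    """Triage the leading bytes of one file."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            # Header survived: consistent with case 1 (only the name changed).
            return "intact header: " + name
    sample = data[:65536]
    if len(sample) >= MIN_SAMPLE and shannon_entropy(sample) >= THRESHOLD:
        # No known header and near-random bytes: consistent with cases 2 and 3.
        return "likely encrypted"
    return "inconclusive"   # e.g. plain text, or a format not in MAGIC

def constructed_random(n_blocks: int = 256) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 output in counter mode."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(n_blocks))

if __name__ == "__main__":
    samples = {   # constructed inputs, not real victim files
        "report.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + bytes(512),
        "budget.xls": constructed_random(),
        "notes.txt": b"meeting at ten\n" * 300,
    }
    for name, data in samples.items():
        print(f"{name}: {classify(data)}")
```

On real files, pass the first 64 KiB read in binary mode from a copy of the file. An intact header only shows that the start of the file was left alone, so it does not prove the rest is undamaged.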
Thanks for the prompt reply. I have downloaded the tool and will read the full article from Bleeping Computer. I had advised him initially to run Malwarebytes, but my friend had already used some tool to delete the virus and he thought the files would now open, but they do not. I shall do the needful as advised and I am very sure that he shall get access to his files shortly. For academic and learning purposes, I would like to know a bit more about the key. I am using an FX trading program that has a security key, which I always save on my pendrive and also in multiple secured locations should I lose the pendrive. Now my question is: if the virus creator is removing or applying a key, when one opens a file will the program not ask for a password -- I mean, load a key? I am not sure if this virus applies a key or, as you have mentioned, has deleted the extension. The files that have been corrupted still show that they are either Word files or xls or txt etc. If it's convenient for you to explain, it would be a great pleasure to know more. Thanks again Andreea, and I shall update on results.
From what I have read about Cryptolocker, it uses RSA.
It really would be too much for me to post here.
Encryption is pretty straightforward. You just need to be good (very good, arguably) at math. The only problem with encrypting is that your files can potentially be lost, if you lose the key.
Andreea-Luciana Ostache Senior Support Technician EN email@example.com www.bullguard.com
There was a very informative feature on BBC Radio 5 Live last night on CryptoLocker. It seems that there really is no way out of this ransomware once it's on your computer because the encryption key gets destroyed after 72 hours if you've not paid the ransom by then. A recent article in The Register says that the crooks behind it are kindly offering to recover the encryption key if you've missed the deadline - but at a cost of $2,300!
Clearly this is a new and huge threat and the most important approach is to avoid getting the malware in the first place.
What is worrying is that if you are backing up your data to the cloud automatically, if you're not quick off the mark, the corrupted files will be transferred to the cloud too! However, I contacted LiveDrive today (the cloud storage I use) and they assured me that they keep several versions of my files so I can roll back to an un-encrypted version.
Post Edited (southcoastsounds) : 11/8/2013 6:30:25 PM GMT