Cryptolocker

Posted 10/29/2013 9:25 AM
#96125

petlad Advanced member

Date Joined Nov 2016
Total Posts: 31
Hi all,


My friend's laptop with Windows XP on it got infected with the Cryptolocker virus ransomware. If anyone has a solution to decrypt the infected files, which have not been opening since the removal of Cryptolocker, please give feedback, and I can send / post logs if required.
Posted 10/29/2013 1:24 PM
#96126

Advanced member

I am very sorry to hear about the difficulties your friend is having.

Encryption infections can do one of the three below:

1. They do not encrypt anything, but change or delete the extension, making the system unable to recognize the type of file.
2. The files are encrypted, but the key did reach one of the Virus Teams from security companies and files can be decrypted with one of the tools that you can find on the internet, or the security suite can also disinfect/decrypt the files affected immediately.
3. The files are encrypted, the key is deleted and they become completely unrecoverable. This is the worst case scenario because without a backup, all your files are completely gone.

Bleepingcomputer.com has written a very good article on this nasty infection:
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Panda Security has graciously offered a Decrypt tool:
http://www.pandasecurity.com/resources/tools/pandaunransom.exe
Note: I do appreciate the effort that went into making this tool, but I do not know whether it works or not, because I have never dealt with this infection before.

Please recommend that your friend install a good security suite that will catch this. The chances are that he doesn't know where he got infected, and this only means that he could get it again.

BullGuard removes this infection immediately, so other than the very good article that Bleeping Computer has put up and the tool from Panda, I would not know what to recommend. What is certain is that the longer the infection is allowed to exist, the more damage it will do.

All the best!
Andreea-Luciana Ostache
Support Team Leader
support@bullguard.com
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 16

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
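The first case in the list above (only the extension was changed) can be told apart from real encryption by checking a file's leading signature bytes and its entropy. The following is an added example, not part of the original post or of any tool it mentions; the threshold, the result labels and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Leading signature bytes for document types named in the thread (plus PDF/JPEG).
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Word/Excel container
ZIP = b"PK\x03\x04"                          # .docx/.xlsx container
MAGIC = {".doc": OLE2, ".xls": OLE2, ".docx": ZIP, ".xlsx": ZIP,
         ".pdf": b"%PDF-", ".jpg": b"\xff\xd8\xff"}
ENTROPY_THRESHOLD = 7.5   # assumed cut-off, in bits per byte
MIN_SAMPLE = 256          # below this size, entropy is not meaningful

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, far lower for plain text."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage(name: str, data: bytes) -> str:
    ext = os.path.splitext(name)[1].lower()
    sample = data[:4096]
    # Check signatures first: ZIP-based and JPEG files are compressed, so
    # they score high entropy even when perfectly healthy.
    types = {e for e, sig in MAGIC.items() if sample.startswith(sig)}
    if types:
        return "intact" if ext in types else "renamed-only"
    if len(sample) < MIN_SAMPLE:
        return "too-small"
    if shannon_entropy(sample) >= ENTROPY_THRESHOLD:
        return "likely-encrypted"
    return "low-entropy-unknown"   # e.g. plain text, which has no signature

def constructed_ciphertext(n: int) -> bytes:
    """Deterministic stand-in for encrypted content (chained SHA-256 output)."""
    out, block = b"", b"constructed-sample"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]

# Constructed sample files (name, content); none come from a real infection.
SAMPLES = [
    ("report.doc", OLE2 + b"\x00" * 504),          # header matches extension
    ("report.xyz", OLE2 + b"\x00" * 504),          # same content, extension changed
    ("budget.xls", constructed_ciphertext(4096)),  # header gone, random-looking
    ("notes.txt", b"Meeting notes for October.\n" * 40),
    ("tiny.doc", b"abc"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(f"{name:12} {triage(name, data)}")
```

A "renamed-only" result corresponds to case 1 and is fixed by restoring the extension; "likely-encrypted" corresponds to cases 2 and 3, where recovery depends on a key or a backup.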
Posted 10/29/2013 7:01 PM
#96129

petlad Advanced member

Date Joined Nov 2016
Total Posts: 31
Dear Andreea,

Thanks for the prompt reply. I have downloaded the tool and will read the full Bleeping Computer article. I had initially advised him to run Malwarebytes, but my friend had already used some tool to delete the virus, and he thought the files would now open, but they do not. I shall do the needful as advised, and I am very sure that he shall get access to his files shortly. For academic and learning purposes, I would like to know a bit more about the key. I use an FX trading program that has a security key, which I always save on my pendrive and also in multiple secured locations in case I lose the pendrive. Now my question is: if the virus creator is removing or applying a key, then when one opens a file, will the program not ask for a password, I mean load a key? I am not sure whether this virus applies a key or, as you have mentioned, has deleted the extension. The files that have been corrupted still show as either Word files or xls or txt etc. If it's convenient for you to explain, it would be a great pleasure to know more. Thanks again, Andreea; I shall update on the results.
Posted 10/30/2013 1:48 AM
#96131

Advanced member

Two commonly used methods of encrypting data are DES and RSA. You can read more about Encryption from here:

http://en.wikipedia.org/wiki/RSA_(algorithm)
http://en.wikipedia.org/wiki/Data_Encryption_Standard
http://en.wikipedia.org/wiki/Computational_complexity_theory

From what I have read about Cryptolocker, it uses RSA.

It really would be too much for me to post here.

Encryption is pretty straightforward. You just need to be good (very good, arguably) at math. The only problem with encrypting is that your files can potentially be lost if you lose the key.
Andreea-Luciana Ostache
Support Team Leader
support@bullguard.com
www.bullguard.com
Posted 11/8/2013 7:54 AM
#96173

southcoastsounds Member

Date Joined Nov 2016
Total Posts: 1
There was a very informative feature on BBC Radio 5 Live last night on CryptoLocker. It seems that there really is no way out of this ransomware once it's on your computer because the encryption key gets destroyed after 72 hours if you've not paid the ransom by then. A recent article in The Register says that the crooks behind it are kindly offering to recover the encryption key if you've missed the deadline - but at a cost of $2,300!

Clearly this is a new and huge threat and the most important approach is to avoid getting the malware in the first place.

What is worrying is that if you are backing up your data to the cloud automatically, if you're not quick off the mark, the corrupted files will be transferred to the cloud too! However, I contacted LiveDrive today (the cloud storage I use) and they assured me that they keep several versions of my files so I can roll back to an un-encrypted version.

Thomas Cunliffe