Decrypt Cryptolocker

pclab

Moderator
Hey

Just got another call from a client that got his files encrypted...
Still no solution, right??

Thanks
 

Jared

Administrator
Staff member
Not really. If it's Windows Pro you can try the previous versions feature of the individual folders that contain the lost data (assuming they had it enabled). Or you can run RAW scan and see what you're able to get. But, as far as decrypting is concerned, you'll need to pay the criminals.

Unless of course it's the actual original Cryptolocker virus (which I doubt) in which case you can get the decryption key here: https://www.decryptcryptolocker.com/
 

pclab

Moderator
He had tried to send one file to https://www.decryptcryptolocker.com/, but it says it's not a valid file or something like that.
So it must be another version.
He doesn't have the shadow copies activated, so he's willing to pay.
But another question comes up: he needs to pay by Bitcoin. What service do you suggest to pay using Bitcoins? I never made any payment...

Thanks
 

Jared

Administrator
Staff member
I use coinbase.com they seem reputable, have good rates, and I've never had a problem with them.
 

Jared

Administrator
Staff member
I think that only removes the virus, I don't think it's any use for decrypting the data though.
 

pclab

Moderator
It says:
The Ransomware Removal Kit includes abilities of the following ransomware removal tools:

CoinVault: CoinVault ransomware removal tools
CryptoLocker: CryptoLocker removal tools and Threat Mitigation
CryptoLockerDecrypt: FireEye Tool to decrypt files encrypted by the CryptoLocker ransomware
FBIRansomWare: FBIRansomWare Removal Tools
TeslaCrypt: Tool for removing this variant of CryptoLocker ransomware
TrendMicro_Ransomware_RemovalTool: General ransomware removal tool from TrendMicro

I will test it. I still have a case here.
 

Jared

Administrator
Staff member
Yes, but if they only have Windows basic or home, not pro you can't roll back to previous versions.
 
Top