fiveworlds Posted April 22, 2016 (edited)
So here I was minding my own business when bam!! Out comes a popup demanding bitcoin. These spammers are getting real creative nowadays. Oh well, couldn't pay them even if I wanted to. Does anybody know how to reverse CryptoLocker's encryption on my files?? I'm assuming system restore will still work.
Edited April 22, 2016 by fiveworlds
studiot Posted April 22, 2016
Turn it off now. Can you
1) Find another PC to talk to us on?
2) Do you have any backups or shadow copies?
3) Are you capable of removing the hard drive and looking at it from another system?
4) System Restore won't help.
The encryption can't be broken; it is a damage limitation exercise. Sorry.
Strange Posted April 22, 2016
If it is the original CryptoLocker then you can get a free recovery key: https://en.wikipedia.org/wiki/CryptoLocker#Takedown_and_recovery_of_files
If it is another variety, you may be out of luck (a few others have been cracked). Otherwise, if you don't have backups and don't want to pay, then you have lost the data. You will also have to make sure the malware is removed (Malwarebytes is usually good at this).
fiveworlds Posted April 22, 2016 (Author)
> Otherwise, if you don't have backups and don't want to pay, then you have lost the data.
There is no guarantee if I pay them that they will let me encrypt the data; they could just ask for more bitcoin.
> 2) Do you have any backups or shadow copies?
> 3) Are you capable of removing the hard drive and looking at it from another system?
> 4) System Restore won't help.
2) I had, they're gone now.
3) Of course.
4) Yeah, it'll do nothing. Maybe I'll just update to Windows 10.... sigh
Strange Posted April 22, 2016
> There is no guarantee if I pay them that they will let me encrypt the data; they could just ask for more bitcoin.
From what I have read, they can usually be trusted in this way (after all, if they got a reputation for not providing a decryption key, then people would stop paying). There are, as with any business, a few rogue traders. I would invest in a proper backup solution to make sure it can't happen again.
fiveworlds Posted April 22, 2016 (Author, edited)
> I would invest in a proper backup solution to make sure it can't happen again.
Yeah, it would be lovely to be able to afford one. So tempted: del /s /q /f c:\*.LOCKED
Edited April 22, 2016 by fiveworlds
studiot Posted April 22, 2016
> 3) Of course.
Good, you may be able to get some of the data back then. Temporary files made by Office, for instance, are not locked.
The process works its way through the list of files with certain extensions (jpg, doc etc), making an encrypted copy and then deleting the original. The original is not deleted immediately, so the original may be still there. If deleted, it may not have been overwritten, which is the reason I said 'turn it off now', in which case the original may be recovered by an undelete program. But you must do this from another machine; the ransomware will not run if the drive is slaved.
As to removing the virus, that is usually not too bad: use ComboFix to kill any cloaking rootkit. Malwarebytes will rid you of the executable only, but there it has a recovery method.
Good luck
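The copy-then-delete behaviour studiot describes gives a responder a quick triage: pair every encrypted copy with its original name and sort the originals into "still on disk" versus "gone, try an undelete tool". This is an added example, not code from the thread; it assumes the encrypted copy keeps the original file name plus a `.LOCKED` suffix (as in the thread), a hypothetical list of targeted extensions, and a read-only scan of the drive from another machine. The sample file tree is constructed inline.

```python
"""Triage inventory for a drive processed by copy-then-delete ransomware.

Added example (not from the thread). Assumption: the encrypted copy is
"<original name>.LOCKED" and the scan runs read-only from a slaved drive.
"""
import os
import tempfile

MARKER = ".LOCKED"
# Assumption: extensions the malware targets, per the thread's "jpg, doc etc".
TARGET_EXTS = {".doc", ".docx", ".jpg", ".xls"}


def triage(root, marker=MARKER):
    """Walk root and classify each locked copy by whether its original survives."""
    present, missing, untouched = [], [], []
    for dirpath, _, names in os.walk(root):
        locked = {n for n in names if n.endswith(marker)}
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            if name in locked:
                original = name[: -len(marker)]
                # Original still beside its copy: no undelete tool needed.
                (present if original in names else missing).append(path)
            elif os.path.splitext(name)[1].lower() in TARGET_EXTS and name + marker not in locked:
                untouched.append(path)  # targeted extension, no encrypted twin yet
    return {"present": present, "missing": missing, "untouched": untouched}


def build_sample(root):
    """Constructed sample tree mirroring the thread's description of the process."""
    files = {
        "report.doc": b"original text",        # original not yet deleted
        "report.doc.LOCKED": b"\x9f\x11\x42",  # its encrypted copy
        "photo.jpg.LOCKED": b"\x00\x7a\xee",   # original already deleted
        "~$report.doc": b"office temp",        # Office temp file, left alone
        "budget.xls": b"numbers",              # targeted extension, not reached yet
    }
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)


def demo():
    """Build the constructed sample in a temp dir; return basenames per category."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return {k: [os.path.basename(p) for p in v] for k, v in triage(tmp).items()}


if __name__ == "__main__":
    for category, files in demo().items():
        print(f"{category}: {files}")
```

The "missing" list is the input for an undelete pass; the "untouched" list shows targeted files the process had not yet reached when the machine was switched off.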
StringJunky Posted April 22, 2016
You could try Recuva (free) to find and recover the deleted files studiot mentioned. https://www.piriform.com/recuva
Strange Posted April 22, 2016
> Yeah, it would be lovely to be able to afford one. So tempted
I pay $60 a year for a cloud backup service. I think it is worth it...
StringJunky Posted April 23, 2016
Here's a good breakdown of the malware by Panda Security. http://www.pandasecurity.com/mediacenter/malware/cryptolocker/
studiot Posted April 25, 2016
Note CryptoLocker is not the only ransomware around. I have just received the following notification.

Beware New Mutant Virus

Usually one virus infection is enough to contend with: whether it steals your data or empties your online bank account, if a virus has managed to sneak through your levels of protection, removing it from Windows – and recovering from the damage – can be quite a task. But the latest threat to strike the Internet is even worse than that: it appears hackers have managed to create a mutant virus by combining two nasty pieces of malware.

The new threat, called GozNym, is a hybrid of two existing infections, called Gozi and Nymaim, and is a persistent and powerful Trojan, according to security researchers at IBM. Nymaim is a Trojan that attempts to lock up any Windows systems that it infects and demands a ransom to unlock the system. Gozi is a zombie infection that hacks into your browser in order to steal information. The hybrid of these two is even worse: it steals banking details so that hackers can access online accounts, taking features from each of its two parent viruses. And it is so potent that security researchers believe it managed to steal over £2.5 million in just a few days.

The malware infection spreads through exploit kits buried on either hacker-controlled websites or legitimate sites that have been compromised. Running an online anti-virus scan, such as that from TrendMicro, should detect and remove the infection.

Unfortunately, this hybrid virus is just part of a worrying new trend. Hackers are increasingly taking the best bits of existing malware infections to create new, more powerful viruses. It also allows hackers to create new malware infections very quickly, which is particularly dangerous since these infections will typically not be detected by anti-virus software until the security companies have detected them first and managed to produce a virus definition.
StringJunky Posted April 25, 2016 (edited)
> Note CryptoLocker is not the only ransomware around. I have just received the following notification.
In Windows, a good step is to not use the main admin user account for routine tasks and browsing. I use a standard account, which has limited admin privileges, for my daily use. Linux has been so strong because you have to sign in for admin-level privileges every time and it cannot be overridden; using Windows in Standard mode for routine use achieves the same end, leaving the admin account for only when absolutely necessary. Using UAC at full protection is also a good idea... pain in the ass though it is at first.
Edited April 25, 2016 by StringJunky
Greg H. Posted April 25, 2016
Hackers gonna hack. The best thing you can do is:
A) Assume you will, at some point, be hacked.
B) Make sure that you have a good damage control strategy for when it happens.
Mordred Posted April 29, 2016
C) Never use your computer for anything financially oriented. (I only ever type prepaid MasterCard numbers online. It significantly limits the potential loss.) I also never access any account online.
studiot Posted April 29, 2016
> C) Never use your computer for anything financially oriented. (I only ever type prepaid MasterCard numbers online. It significantly limits the potential loss.) I also never access any account online.
Nice work if you can get it. But if you live in the EU, particularly in the UK, you are required by law to do many things online these days, from driving licence to tax to farm movement orders to all the other umpteen government forms we have to deal with. Business is also trying to force this more and more.
Bigmazzy Posted November 23, 2016 (edited)
To avoid ransomware viruses the best one can do is to make as many backups as possible, avoid downloads from unknown sources and not open doubtful mailings. Nowadays especially dangerous are so-called Scandinavian ransomware viruses, such as Cerber, Locky, Thor and Aesir; their description could be found here. Newcomers aren't allowed to post links due to increased spam traffic.
Edited November 23, 2016 by Phi for All