
Cryptolocker Decryption

Hi,

Does anyone have a solution to decrypt files encrypted by Cryptolocker?

Thanks,

5 Replies

Re: Cryptolocker Decryption

Hi,

There is no technical solution to decrypt files encrypted by Cryptolocker, because you need YOUR private key.

Infection of Cryptolocker... some main steps:

- Dropper is executed on your endpoint.

- Infector is executed on your endpoint.

- Malware is established. The malware generates a private key for encryption. This private key is uploaded to the C&C server on the Internet and afterwards deleted from your disk. This key must be available to decrypt your files.

If you inspect the malware with ATD you can also see the execution of vssadmin.exe. Vssadmin.exe is used to remove any shadow copy on your drive to prevent the restore of the private key.

Conclusion: without your private key it is not possible to decrypt your files.

I heard there was a botnet hijacked and the private keys have been published. At the moment I do not know where this was published, but perhaps you are lucky.

Sorry for the bad news.

Cheers
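
The vssadmin.exe shadow-copy removal mentioned in the reply above can be turned into a detection over process-creation events. This is an added example, not part of the original post; the event field names and the sample events are constructed assumptions.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# vssadmin subcommands that remove or shrink shadow copies ("list" is benign).
DESTRUCTIVE = re.compile(r"\b(delete\s+shadows|resize\s+shadowstorage)\b", re.I)

def is_shadow_copy_tampering(image: str, cmdline: str) -> bool:
    """True when a process-creation event is vssadmin destroying shadow copies."""
    exe = basename(image.strip('"')).lower()
    return exe == "vssadmin.exe" and bool(DESTRUCTIVE.search(cmdline))

def scan(events):
    """Return (host, parent, cmdline) for each flagged event, for triage."""
    return [(e["host"], e["parent"], e["cmdline"])
            for e in events
            if is_shadow_copy_tampering(e["image"], e["cmdline"])]

# Constructed sample events; field names are assumptions, not a real log schema.
SAMPLE_EVENTS = [
    {"host": "WS-01", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet",
     "parent": r"C:\Users\alice\AppData\Roaming\invoice.exe"},
    {"host": "WS-02", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin list shadows",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"host": "SRV-03", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c echo delete shadows",
     "parent": r"C:\Windows\explorer.exe"},
    {"host": "WS-04", "image": r"C:\WINDOWS\system32\VSSADMIN.EXE",
     "cmdline": "vssadmin  resize   shadowstorage /for=C: /on=C: /maxsize=401MB",
     "parent": r"C:\Windows\System32\wscript.exe"},
]

if __name__ == "__main__":
    for host, parent, cmd in scan(SAMPLE_EVENTS):
        print(f"ALERT {host}: {cmd!r} launched by {parent}")
```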


Re: Cryptolocker Decryption

Hi,

Fox-IT created a portal via which you can find the key to unlock files. All you have to do is to submit a file that's been encrypted; from that they can figure out which encryption key was used. But unfortunately the original actors have since changed their encryption model and there has also been a proliferation of copycats using the same name. This tool no longer worked and has since been pulled down. So I was hoping to find a comparable resource available.

Thanks,


Re: Cryptolocker Decryption

The FOX-IT one only worked for the early versions of Cryptolocker.  Now variants are appearing that it wouldn't work on anyway.

Stinger is supposed to be effective at ridding one of Cryptolocker but as far as decrypting goes you'd have to Google search that and I doubt there is anything out there that is trustworthy.

Can't the affected system be taken back to an earlier time using System Restore or from backups?


Re: Cryptolocker Decryption

Unfortunately no; I think also that usually data is destroyed after a certain time.


Re: Cryptolocker Decryption

That's too bad.   I've moved this topic over to Malware Discussion > Corporate User Assistance to see if anyone here has any ideas that could help.
