TorrentLocker Support and Discussion Thread (CryptoLocker copycat)

It's because new variants cannot be decrypted in this manner. You need to the private key from the attacks C&C. The reason you are seeing what appears to be an unencrypted copy is because the tool DecrypterFixer created drops the .encrypted off. However, the file is still encrypted.

And where do I find the private key from the C&C?

we may have a method to get encrypted files back from any Torrentlocker variant now. Please email me at decryptorbit@outlook.com thanks.

and please discontinue any use of the old decrypter as it will not work with new variants. Only if you got infected about a month ago will it work. And don't force it even when the wrong key generates. That's why there is a test step, you will only mess up ur files and ruin any chance of decryption.

Hi Nathan,

Thanks for putting so much effort into this, it certainly is appreciated. I have sent you an email little earlier, and also submitted a sample as requested in the other thread. The files included in the zip are the TEMP files from the ProgramData directory as well as the original URL that infected the PC.

Looking forward to hear from you regarding the new decrypter.

Thanks again for your hard work and keep it up

M.

Hi Nathan

I bekeive I have been infected with the early version of thos virus. do you think your fix can still work? if so I can send you an encripted file and and original (I still have a few)

Thank you Russell

thanks in advance for all your hard work, i know a lot of people would be lost without it.

Paul

If you have been infected with TorrentLocker in the last 24-48 hours, Please PM me ASAP. 

Thank you.

Thank you all for the information on this thread. Will the CryptoPrevent software identified under the CryptoWall virus discussion also by chance block this variant?

Thanks

If you have been infected with TorrentLocker in the last 24-48 hours, Please PM me ASAP. 

 

Thank you.

I sent you a PM 

I am interested. We get these here and there. We been avoiding it by using a GPO fix which basically prevents the writing to APPDATA which to our understand is one of the things that the virus does. Get back to me when you can.

If you have been infected with TorrentLocker in the last 24-48 hours, Please PM me ASAP. 

 

Thank you.

Hi Nathan sample encrypted files sent via bleeping computers site and to your PM and email.

Thanks

Aaaaargh,

One of my users just managed to get the new version and encrypt 1/2 of my network drives - grrrr. I will post the files and the new URLs tomorrow once I finish with the backup restores.

M.

Hi, I came here because I read the note about the Gameover on June so I assumed my latest hit is Torrentlocker,

Q. Does torrentlocker also leave behind in every directory the files "DECRYPT_INSTRUCTION.TXT, etc?

My story:  We had the Cryptolocker earlier this year destroy some files on a server and we then took some steps to prevent further hits with GPO the PC but we had a hit again yesterday. We were lucky our backups were good. Unfortunately the PC was not in my control as it was at a remote office and has since been overwritten and the admin has deleted the encrypted files so I don't have any more info to help. I only know it left behind the same files as noted above.

One thing I would like to find is a solution which looks at the header files and if it sees any with encryption it sends us an alert, or turns off file sharing, or does something helpful!

Please let me know if you have any ideas for me.

Thank you!

Email & PM sent to Nathan.

"Luckily" I'm not the only one fighting with this piece of ****. Hopefully a decryption-method will be found soon because paying those idiots isn't my first choice.

PM sent. I have a client with thousands of encrypted files on his NAS box - it's gonna be a long day...