Decryption keys are now freely available for victims of CryptoLocker

Well, I can say it Does work. I had a friend that had about 19 gig's of data locked up and we decrypted all of it. I would like to pass on my THANK YOU'S to everyone that has worked on this and keeping us all informed... Great Work to all !!  

We had a client send us about 10 encrypted word files and I was able to successfully get this to work. It was very easy to use. The one thing I did have to do is run cmd prompt as admin and it worked. The only bad thing I have found (unless I am missing something) is you cannot have any spaces in the file names??? For example I had a word doc that was named $10 Per Count and I had rename it to 10percount or it would say it was unsuccessful.

Now in my case i only had about 10 files so this was not an issue but I have had clients come in with gigs and gigs of data. I am not going to go through all these files and rename them. Am I missing something? Can you do an entire directory of files? I see absolutely no documentation on how to use the advanced features of this tool. Just my 2c

Just popping in to repost what is in the cryptolocker thread already. As OP stated, the console application they hand out with your keys can be quite confusing. If anyone is uncomfortable using the CMD window, you can use a GUI version. I simply used the original python script to make this, which makes recursion alot easier, and fixes the space in filename error. 


CryptoUnlocker GUI
===============
 
 This is for anyone having issues with the command line version of the Cryptolocker decrypter. Its nothing special, just commands assigned to buttons with a few things i added that i thought may help (ability to not have encrypted .BAK files everywhere is one). For now its binary in binary, and if i see a performance reason to convert the python script into .net, i will.
 
Hope this helps victims who don't know their way around a command prompt window.
 

 

Tool Link:  CryptoUnlocker GUI 
 
VirusTotal Link: CryptoUnlocker GUI VT

 
 
Sample Image:
 

Hello, I've registered with Bleeping Computer as I Googled "Fire-eye decrypter, does it work " and saw the link to here.  I was so excited to discover that there is a solution for Cryptolocker victims, I've lost lots of precious photos of my late mum, not to mention Word docs. etc.  The infected computer isn't used very often and we didn't even notice the infection until around a year 6 months after it happened, I know that's not an excuse and that I should have made backups,  Lesson learned the hard way :-( 

Anyway I tried uploading a file to the portal from the infected PC but I got a message saying there was a problem with the website's certificate.  I opened the webpage and selected a file to upload but nothing appeared to be happening.   Left it for ages with no sign of any progress.  Does anyone know if that is because of the certificate issue ?  The file was very small, just a Word doc which contained an address, nothing else.

Do you have to upload the file from the infected computer or can it be from any PC ?  I only ask because when I go to the portal on another PC, I don't get the message about the certificate.  

Sorry, that post's a bit rambling ! :-)

Thanks for any help anyone can give. 

Edited by peskywabbit, 09 September 2014 - 02:44 PM.

peskywabbit,

Pleas ensure that your computers time and date are correct. If they are not this will cause a certification issue that will make the site work unproperly.

After ensuring that your time and date on your computer is right and the problem still persists, please take a moment to try a different browser such as FireFox or Chrome if you havent already.

Thanks.

Thanks for your answers, will give it another go tomorrow night.  I'll let you know if it works :-) x

Hi guys I got a call after a women clicked on a email attachment and then realised she couldn't open some of her files. The strange thing is its not the normal Cryptolocker wallpaper virus it has actually renamed 6000 files with ".encrypted" as a second extension. The fire it site does not work with these files. I have searched all over but cannot find any information regarding what looks like a different strain of cryptolocker.

Any help would be greatly appreciated

Hi guys I got a call after a women clicked on a email attachment and then realised she couldn't open some of her files. The strange thing is its not the normal Cryptolocker wallpaper virus it has actually renamed 6000 files with ".encrypted" as a second extension. The fire it site does not work with these files. I have searched all over but cannot find any information regarding what looks like a different strain of cryptolocker.

 

Any help would be greatly appreciated

You have been infected with this new variant:

New CryptoLocker copycat ransomware in the wild

Thanks for the fast response decrypterfixer, I take it there is no way free way of decrypting these files as yet? 

If anyone Has the CryptoLocker Variant with the .Encrypted File extension and is considering paying the infection, Please shoot me an Email at DecryptorBit@outlook.com first! There may be a few things to try and test before hand.

Thanks!

Hi guys, eventually got time to try the Fox IT scanner to decrypt my files and I get the message "The files does not seem to be infected by CryptoLockerPlease submit a CryptoLocker infected file"

Hello. I also got all my files encrypted, but with cryptolocker 2 (i think). The encrypted files have a .ctb2 extension added.

Does anyone know if there will also be a unencryption tool for this?

edit: www.decryptcryptolocker.com/  Say: The file does not seem to be infected by CryptoLocker. Please submit a CryptoLocker infected file.

I have 1200+ photos encrypted as .ctb2, and i don't have this photos backed up anywere..

Edited by lurkermihai, 28 September 2014 - 05:42 AM.

Hi guys, eventually got time to try the Fox IT scanner to decrypt my files and I get the message "The files does not seem to be infected by CryptoLockerPlease submit a CryptoLocker infected file"

Please download this file from here, extract the zip and then run IDTool.exe. Wait for the tool to load and then click the Generate Text Friendly Report for Forums button. Copy the content of the box that appears into your next reply.
 

Hello. I also got all my files encrypted, but with cryptolocker 2 (i think). The encrypted files have a .ctb2 extension added.
Does anyone know if there will also be a unencryption tool for this?
 
edit: www.decryptcryptolocker.com/  Say: The file does not seem to be infected by CryptoLocker. Please submit a CryptoLocker infected file.
I have 1200+ photos encrypted as .ctb2, and i don't have this photos backed up anywere..

You are infected with Critroni, there is no decrypter to get these files back as of yet.
 
xXToffeeXx~