
Decryption keys are now freely available for victims of CryptoLocker


217 replies to this topic

#31 lurkermihai


Posted 29 September 2014 - 04:44 AM

You are infected with Critroni, there is no decrypter to get these files back as of yet.
 
xXToffeeXx~

 

I see. Ok, thanks.





#32 karlfk


Posted 02 October 2014 - 11:05 PM

Can we still get the CryptoUnlocker GUI to download? All I'm getting is an HTML file.

 

cheers karl



#33 CB77


Posted 15 October 2014 - 07:25 AM

Add me to the bunch who have been infected by this Critroni.

 

My files too have the extension .ctb2 now. (jpg/zip/rar/doc/txt files)

 

So if they are working on a delocker, how long could that take? Are my files ruined forever or is there perhaps hope left?



#34 SabiW


Posted 15 October 2014 - 09:23 PM

We were attacked by what we believe is the Cryptolocker virus, and our external back up files have been encrypted. The virus came through an email on our Windows 7 PC running MS Office 2013. I am still using an old dinosaur XP running MS Office 2003. Documents on my hard drive are not encrypted, but documents on the Win7 hard drive have been encrypted. We have tried using the Microsoft decrypter instructions. Success with .pdf files, but not .doc, .xls etc.

We found a link to FireEye/Foxit scanner, but when I upload an encrypted MS document, it tells me that the document is not encrypted by CryptoLocker. I am confused, as there is a Google Chrome icon in each folder that links to a CryptoLocker link. I am reluctant to include links in this conversation, as I am not sure whether it would compromise your site. We are running Vipre, who have been informed. They advised us to reinstall Vipre 2015, and have been able to eradicate any future encryptions, but were not able to restore those files infected prior to the reinstall and consequent attempt from the back end.

 

We are at a loss as to where to go for assistance. Our hard drive has a lot of years of work that is now off limits. I hope you can assist in some way.

 

Thanks in advance (pleading)



#35 omab


Posted 15 October 2014 - 11:54 PM


Hi there,

 

I think you have been infected by CryptoWall, a younger, more sophisticated brother of CryptoLocker. Unfortunately, there is no way to decrypt files locked by CryptoWall yet. I suggest you just wait and hope. Sorry to be the bearer of bad news. If it's any comfort, there are many of us :lmao:



#36 JSntgRvr

  • Malware Response Team

Posted 16 October 2014 - 10:49 AM

Download ID tool from here. It should be able to detect the type of ransomware that has infected you.


No request for help throughout private messaging will be attended.

Inactive logs for more than four (4) days will be closed

 


#37 Macpain


Posted 17 October 2014 - 07:55 AM

I'm in the same shame here, Cryptowall, hoping that there will be some solution soon.

I've tried many data recovery, but none worked fine for me, only old stuff, correctly deleted by me, previously :(

 

Maybe you have some experience with this issue? Any data recovery that worked fine for you with crypto_wall deleted files?

Thanks in advance

 

(sad.. :( )



#38 JSntgRvr

  • Malware Response Team

Posted 17 October 2014 - 05:12 PM

Read here:

 
CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ



 


#39 CB77


Posted 17 October 2014 - 07:07 PM

Thanks!

 

I downloaded Photorec but the data recovery method is scaring me. This is all new to me and I am NOT a computer wiz.

It's telling me to use a 2nd computer (I don't have one!) as backup and use for the program or else your hard drive will be busted. Uhm, yeah, I don't want that.

 

Most of my encrypted files are on my external hard drive, BUT that hard drive also has tons of unencrypted, and still workable, files. I get the idea that by using this recovery program, my entire drive will be rebooted and I may lose other things because in some folders the encrypted files are in, also have unaffected files/images.

 

So I am hugely scared to use these recovery programs.

As a side note, since we're now 4 days later, obviously my computer has been rebooted several times, and my external hard drive has been unplugged on and off too. I read everywhere that the more you restart your computer, the more is lost. So, I may already have caused irreparable damage, no?

 

I could really use some help with running Photorec and info if I would indeed ruin more on that hard drive than already the encrypted files?


Edited by CB77, 17 October 2014 - 07:08 PM.


#40 JSntgRvr

  • Malware Response Team

Posted 17 October 2014 - 07:57 PM

I am not savvy using Photorec. Did you try restoring from the Shadow Volume Copies? It is the easier way.


 


#41 CB77


Posted 18 October 2014 - 08:09 AM

Yes I tried that, but there were no shadow copies to retrieve (I suspect Cryptowall deleted those, and sadly because Win8 doesn't automatically enable restore points or previous versions, I wasn't aware that I had to turn that on myself so no "previous versions" or restore points to be found).

I checked via ShadowExplorer but even there nothing was of use. At least, not much. Only one option that was the day I received the malware (I think).

 

And I did try it with the pictures on my C drive to that date and it did "restore" the images, it was unable to retrieve the image so it only gave me solid color images in return. I guess the files were already too damaged? It did however restore my documents.

 

However, my bigger issue is my ext. portable drive that got affected which was my backup! (damn Cryptowall infecting ALL attached drives)

I tried Shadow Explorer there too but it can't even see that drive. It only lets me see the drives in my computer, not the external ones so I couldn't restore that drive at all! :(



#42 JSntgRvr

  • Malware Response Team

Posted 18 October 2014 - 01:54 PM

However, my bigger issue is my ext. portable drive that got affected which was my backup! (damn Cryptowall infecting ALL attached drives)
I tried Shadow Explorer there too but it can't even see that drive. It only lets me see the drives in my computer, not the external ones so I couldn't restore that drive at all!

 

 

Sad to say, we have not been able to find a solution to it.

 

There is an active CryptoWall support topic, which contains discussion and the experiences of a variety of IT consultants, end users, and companies who have been affected by CryptoWall. If you are interested in this infection or wish to ask questions about it, please visit the CryptoWall support topic. Once at the topic, and if you are a member, you can ask or answer questions and subscribe in order to get notifications when someone adds more information to the topic.


 


#43 tharpdevenport


Posted 27 October 2014 - 12:50 PM

Can we still get the CryptoUnlocker GUI to download? All I'm getting is an HTML file.

 

cheers karl

 

Would that program have worked? I tried DecryptCryptolocker.com and I was never able to get anywhere; after hours of waiting I gave up.



#44 persmash


Posted 18 November 2014 - 08:05 AM

Hi all, I'm infected by Cryptolocker. When I try the decrypt service "https://www.decryptcryptolocker.com/", I'm getting an error: "The file does not seem to be infected by CryptoLocker. Please submit a CryptoLocker infected file." But it is infected. How can I solve this issue?



#45 Tarza85


Posted 19 November 2014 - 04:15 AM

Hi Everyone, 

I am not computer savvy at all and this is my first time on a forum so please forgive my ignorance. 

I got infected with the Cryptolocker virus on my work computer, which isn't a big deal because they can just re-image the machine and I don't store anything on there. However, it managed to infect my external hard drive which has EVERYTHING on it. I have tried the FireEye - Fox IT Scanner and it keeps saying that my files aren't infected when they are. Does anyone have any other options I can try? 

Any help is great. 

Thanks





