Posted 03 October 2018 - 05:03 PM
Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief
Posted 09 January 2020 - 10:33 PM
Hi All,
New Here.
I know this is an old post, but I just had a client get hit with Cryptolocker. All files have the .cryptolocker extension. Are there any decryption tools available?
Edited by stacyp72, 09 January 2020 - 10:33 PM.
Posted 10 January 2020 - 06:40 AM
The original CryptoLocker Ransomware which first appeared in the beginning of September 2013...does not exist anymore and hasn't since June 2014. There are many copycat ransomware variants which pretend to be or use the CryptoLocker name but these infections are not the same.
Did you submit (upload) samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware (IDR) OR Emsisoft Identify your ransomware for assistance with identification and confirmation of the infection? Uploading both encrypted files and ransom notes together along with any contact email addresses or hyperlinks provided by the criminals gives a more positive match with identification and helps to avoid false detections.
Posted 10 January 2020 - 11:49 AM
Emsisoft IDs it as RAPID, but the files have the .cryptolocker extension and not .rapid.
Edited by stacyp72, 10 January 2020 - 11:52 AM.
Posted 10 January 2020 - 12:25 PM
Rapid uses different extensions, not just .rapid. ID Ransomware (which powers the Emsisoft identifier) can tell by the filemarker, so it is very accurate. Definitely Rapid.
ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]
RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]
CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]
If I have helped you and you wish to support my ransomware fighting, you may support me here.
Posted 10 January 2020 - 12:30 PM
Thanks for the info. So far Rapid is not decryptable, correct?
Posted 10 January 2020 - 02:33 PM
Correct. Only the criminals have the private RSA keys to decrypt your, and everyone else's, files. I've personally analyzed several variants of Rapid, and they are all secure. Lots of mistakes in their code, but nothing that compromises the crypto scheme used.
Posted 10 January 2020 - 03:24 PM
There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.