Jump to content

i removed cryptolocker with Malwarebytes but data cant be read


Recommended Posts

Hi fbruno, and welcome to Malwarebytes forum.

Please see http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#decrypt
 

Is it possible to decrypt files encrypted by CryptoLocker?

Unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic due to the length of time required to break the key. Also any decryption tools that have been released by various companies will not work with this infection. The only method you have of restoring your files is from a backup or Shadow Volume Copies if you have System Restore enabled. Newer variants of CryptoLocker attempt to delete the Shadow Copies, but it is not always successful. More information about how to restore your files via Shadow Volume Copies can be found in this section below.


I would not send money to the criminals that infected your system. You only encourage them to continue their criminal activities. I would format and reinstall, ensure that you have a good antivirus and anti-spyware program (like MBAM) running at all times, and ensure that you have a good backup program that supports system recovery like Paragon Software's Backup & Recovery 2014 Free or Marcium Reflect Free Edition. Both support 32 and 64 bit versions of Windows, and both support system recovery through use of a bootable recovery CD. I would save a copy of your backup image off-line where it cannot be infected.

 

 

 

 

 

 

Link to post
Share on other sites

Hi fbruno, and welcome to Malwarebytes forum.

Please see http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#decrypt

 

I would not send money to the criminals that infected your system. You only encourage them to continue their criminal activities. I would format and reinstall, ensure that you have a good antivirus and anti-spyware program (like MBAM) running at all times, and ensure that you have a good backup program that supports system recovery like Paragon Software's Backup & Recovery 2014 Free or Marcium Reflect Free Edition. Both support 32 and 64 bit versions of Windows, and both support system recovery through use of a bootable recovery CD. I would save a copy of your backup image off-line where it cannot be infected.

 

Thanks very much for your time. its hard to believer there is no "cure" and these criminals have succeeded. certainly a lesson learned for me. Thx again

Link to post
Share on other sites

They only succeed when people send them money rather than restore from backup, or if not available, reformat and start over. Backing up is key to threats like this and some file infectors that are not recoverable from. When I backup, I save a full drive image copy to a dedicated spare drive, to a network accessible storage (NAS) device, and periodically also transfer backup sets off-line to Blu-ray BD-R discs. Once you reinstall, I would be sure you have Autoplay turned off, and then fully scan all your external devices (external storage, flash drives, etc.).  As you were already affected, you may also want to read How to prevent your computer from becoming infected by CryptoLocker and consider using CryptoPrevent.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.