1
My MS Office files and pdf files has been encrypted by some ransomware in my pc which was running window XP. I removed the ransomware,formated the OS and put windows 7, but my files are still encrypted. Is there any way of decrypting it as it very important files and i dont have a backup of these files. Some one pls help me out of this mess.
user3186997
Posted 2014-03-02T11:16:09.700
Reputation: 11
2
Wikipedia says that CryptoLocker encrypts files "using RSA public-key cryptography, with the private key stored only on the malware's control servers", and that "although CryptoLocker itself is readily removed, files remain encrypted in a way which researchers have considered infeasible to break."
Sounds like your files probably can't be recovered.
Wyzard
Posted 2014-03-02T11:16:09.700
Reputation: 5 832
1
Unfortunately as you have formatted the original drive you will have destroyed your public key which Cryptolocker uses along with their private key to decrypt the files. So even if you did pay the ransom there would be no way of decrypting the files, or not until someone comes up with decrypter for that variant of Cryptolocker.
Sorry there really is no good news. One thing I would say is when you do use your backup system (which after this I'm sure you've purchased) makesure you keep it disconnected from your machine whenever possible. This is because ransomware like Cryptowall 2.0 and Cryptolocker will encrypt all devices/drives available.
Hope you find a solution, good luck.
David Golding
Posted 2014-03-02T11:16:09.700
Reputation: 339
1
FireEye and FOXIT provide a possibility to try decrypt files encrypted by cryptolocker:
https://www.decryptcryptolocker.com/
Have in mind, there is a lot of unique malware samples classified as a Crytpolocker, it's only family name for this kind of malware. They may not to help you, if your files will be encrypted with some unknown or high quality type of malware.
If you don't have your current malware sample for some analysis, you are unable to detect some kind of malware bug you can use for program your own decrypting tool.
Dolmayan
Posted 2014-03-02T11:16:09.700
Reputation: 92
Site looks down – Jonathan – 2016-02-03T18:21:44.423
3
Possible duplicate of How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?
– fixer1234 – 2016-09-14T00:53:42.3871Without knowing what ransomware it was, probably not. Is there any more information you can provide? – Wyzard – 2014-03-02T14:34:00.600
I think its cryptolocker but i didn't get any timeout that crypto locker usually gives – user3186997 – 2014-03-02T14:38:28.623