This article provides information on "What CryptoLocker is, what it looks like, and a free option to decrypt files that have been impacted by CryptoLocker".
CryptoLocker is a type of ransomware that encrypts files including things like Microsoft Word and Excel files. Unless the user pays the fee demanded, the files remain encrypted. In the case of CryptoLocker, once the fee is paid, a decryption key is released allowing the files to be accessed again. Decrypting the files one time, will not prevent them from being reinfected in the future. CryptoLocker also has the potential to encrypt backup files if the backup is connected to the system. While the ransomware can be removed, removal does not decrypt the affected files.
There are multiple versions of CryptoLocker, which also appears as CryptoWare, CryptoDefence, CryptorBit, PowerLocker or TorLocker. Typically some variation of the image below will appear on the system.
If you have a system infected by CryptoLocker, FireEye in conjunction with Fox IT have developed a website that will generate a decryption key. Due to the specific nature of the encryption, it may not work in all cases and may not work on all versions and spin offs of the CryptoLocker virus. The website is free, it will ask you to upload one of the encrypted files and then based upon the information from that file, will generate a key. The website does require you to enter a valid email address.
Once you have received your key, you can then use the following steps to decrypt the file.
There is a new crypto virus called TeslaCrypt. The encryption used is not as bad as the crypto locker virus previously seen. Here is the blog that I found with decryption instructions: http://blogs.cisco.com/security/talos/teslacrypt
Article ID: SLN295426
Last Date Modified: 05/13/2015 02:17 PM
Thank you for your feedback.