Decrypting Files Affected by CryptoLocker/TeslaCrypt Ransomware



This article explains what CryptoLocker is, what it looks like, and a free option to decrypt files that have been impacted by CryptoLocker.


Description

CryptoLocker is a type of ransomware that encrypts files, including Microsoft Word and Excel files. Unless the user pays the fee demanded, the files remain encrypted. In the case of CryptoLocker, once the fee is paid, a decryption key is released, allowing the files to be accessed again. Decrypting the files once will not prevent them from being reinfected in the future. CryptoLocker also has the potential to encrypt backup files if the backup is connected to the system. While the ransomware can be removed, removal does not decrypt the affected files.

There are multiple versions of CryptoLocker, which also appears as CryptoWare, CryptoDefence, CryptorBit, PowerLocker or TorLocker. Typically some variation of the image below will appear on the system.




If you have a system infected by CryptoLocker, FireEye, in conjunction with Fox IT, has developed a website that will generate a decryption key. Due to the specific nature of the encryption, it may not work in all cases and may not work on all versions and spin-offs of the CryptoLocker virus. The website is free. It asks you to upload one of the encrypted files and then, based on the information from that file, generates a key. The website does require you to enter a valid email address.

Once you have received your key, you can use the following steps to decrypt the file.

  1. Open a Command (CMD) prompt.
  2. Enter Decryptolocker.exe --key "key" Lockedfile.doc, where "key" is the key that was generated and Lockedfile.doc is the name of the file that you are decrypting.
  3. You can also decrypt a folder by entering Decryptolocker.exe --key "key" C:\FolderName\*
  4. Once you run the command, you should receive a message telling you that the file has been unlocked.

Note: Dell does not guarantee data and is not responsible for data loss.
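
Because the key may not work for every variant, steps 2 and 3 can be run against a copy of the encrypted files so the originals stay untouched. The PowerShell script below is an added example, not code from Dell, FireEye or Fox IT. Its parameter names, the tool location and the C:\DecryptWork folder are assumptions, and it needs PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example: run Decryptolocker.exe on a working copy and report what changed.
# Parameter names, the tool path and the working folder are assumptions.
param(
    [Parameter(Mandatory)] [string] $Key,           # key received from the website
    [Parameter(Mandatory)] [string] $SourceFolder,  # folder holding the encrypted files
    [string] $Tool    = '.\Decryptolocker.exe',     # assumed location of the tool
    [string] $WorkDir = 'C:\DecryptWork'            # hypothetical working folder
)
$ErrorActionPreference = 'Stop'

# Refuse to reuse a folder so an earlier attempt is never overwritten.
if (Test-Path -LiteralPath $WorkDir) { throw "$WorkDir already exists; choose a new folder." }
New-Item -ItemType Directory -Path $WorkDir | Out-Null

# Copy only the top-level files, matching the C:\FolderName\* form in step 3.
Get-ChildItem -LiteralPath $SourceFolder -File | Copy-Item -Destination $WorkDir

# Record a SHA-256 baseline of every copied file.
$before = @{}
Get-ChildItem -LiteralPath $WorkDir -File | ForEach-Object {
    $before[$_.Name] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
}

# Same invocation as step 3, pointed at the working copy instead of the originals.
& $Tool --key $Key (Join-Path $WorkDir '*')

# Compare against the baseline: files the tool rewrote, created, or left alone.
$after = Get-ChildItem -LiteralPath $WorkDir -File
$report = foreach ($f in $after) {
    $hash  = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    $state = if (-not $before.ContainsKey($f.Name)) { 'new' }
             elseif ($before[$f.Name] -ne $hash)    { 'changed' }
             else                                   { 'unchanged' }
    [pscustomobject]@{ File = $f.Name; State = $state }
}
# Files that were in the baseline but are gone after the run.
$gone = $before.Keys | Where-Object { $after.Name -notcontains $_ }
$report += foreach ($n in $gone) { [pscustomobject]@{ File = $n; State = 'removed' } }

$report | Sort-Object State, File | Format-Table -AutoSize
```

Files reported as unchanged were not processed by the tool with this key. The originals in the source folder are only read, never modified.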

TeslaCrypt

There is a new crypto virus called TeslaCrypt. The encryption used is not as bad as the CryptoLocker virus previously seen. Here is the blog that I found with decryption instructions: http://blogs.cisco.com/security/talos/teslacrypt


Additional Information

Decrypting CryptoLocker Files

Your Locker of Information for CryptoLocker Decryption

Operation Tovar: The Latest Attempt to Eliminate Key Botnets

TeslaCrypt: http://blogs.cisco.com/security/talos/teslacrypt



Article ID: SLN295426

Last Date Modified: 05/13/2015 02:17 PM

