Infected with Cryptolocker? Need to decrypt your files?

What is Cryptolocker

CryptoLocker is a ransomware that squeezes money from users by encrypting the personal files with AES-265 and RSA algorithms. After the installation CryptoLocker inserts a randomly named executable file into %AppData% or %LocalAppData% folders. This executable is created for detecting the files for enciphering. It will change the extension of your media files and documents to .7z. CryptoLocker affects executables to prevent you from using the shadow copies. It makes everything possible to leave no other choice but to pay the ransom. With encrypting the files CryptoLocker will create a DECRYPT_INSTRUCTIONS.txt – note with the demands – in every folder containing the altered files and on the desktop. The wallpaper will also be changed to DECRYPT_INSTRUCTIONS.html. Both will provide information on the terms of restoring your files by making a payment on the site. Worried about their data users may rush to pay the ransom, however, by doing so they do not get a guarantee to get their files back and also abet the criminals’ activity. In this tutorial you can learn how to remove CryptoLocker and decrypt .7z files.

Update: Use following service to identify the version and type of ransomware you were attacked by: ID Ransomware. Also check following website for possible decryptor: Emsisoft Decryptors.

cryptolocker virus

How Cryptolocker infected your PC

CryptoLocker gets into the computer through malicious or hacked websites via exploit kits that find weak spots in the defense and install the virus against your will and knowledge. Another way for CryptoLocker to sneak into your system is by fake emails. Those emails usually disguise themselves to notifications. It can be taxes, deliveries and payments that failed and now the company needs your confirmation. Lead by curiosity, people open the infected attachment or link and get the CryptoLocker. Or it is also spread by pop-ups advising to update, for example, Java or Adobe Flash Player. To prevent virus infection and losing the important files it’s better to use a reputable anti-spyware program that is able to detect and remove the threat. Way to protect your computer from such threats is to use antiviruses with crypto-protection like HitmanPro.Alert with CryptoGuard.

First of all don’t panic. Follow these easy steps below.

1. Start your computer in Safe Mode with networking. To do that, restart your computer, before your system starts hit F8 several times. This will stop system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the Cryptolocker virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.

Recommended Solution:

Norton is a powerful removal tool. It can remove all instances of newest viruses, similar to Cryptolocker – files, folders, registry keys.

 

Download Norton*Trial version of Norton provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Norton.

Step 2: Remove following files and folders of Cryptolocker:

Remove following registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CryptoLocker"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CryptoLocker_"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "*CryptoLocker"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "{randomname}"

Remove following files:

{randomname}

How to decrypt files infected by Cryptolocker (.7z files)?

The latest version of CryptoLocker is called TeslaCrypt – use decryptors below to attemt and decrypt those files.

Tool 1: There is open source command line utility for decrypting TeslaCrypt ransomware encrypted files called Talos TeslaCrypt Decryption Tool. It is the most effective tool available today for .ecc files decryption. Download it from this page:

Download TeslaCrypt Decryption Tool

Tool 2: There is decryption tool for older versions of TeslaCrypt called TeslaDecoder. You can use it to decrypt your files for free. Download it here:

Download TeslaDecoder

Try to use manual methods to restore and decrypt .7z files.

Decrypt .7z files manually

Restore the system using System Restore

system restore

Although, latest versions of Cryptolocker remove system restore files, this method may help you partially restore your files. Give it a try and use standard System Restore to revive your data.

  1. Initiate the search for ‘system restore
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged (in our case – Cryptolocker by Cryptolocker). This feature is available in Windows 7 and later versions.

windows previous versions

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

Restore .7z files using shadow copies

shadow explorer gui

  1. Download and run Shadow Explorer.
  2. Select the drive and folder where your files are located and date that you want to restore them from.
  3. Right-click on folder you want to restore and select Export.
  4. Once the scanning process is done, click Recover to restore your files.

Protect your computer from ransomware

hitmanpro alert with cryptoguard

Most modern antiviruses can protect your PC from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use different approach t protect from ransomware and lockers. One of the best is HitmanPro.Alert with CryptoGuard. You may already know HitmanPro as famous cloud-based anti-malware scanner. Check out ultimate active protection software from SurfRight.

Download HitmanPro.Alert with CryptoGuard

Information provided by: Alexey Abalmasov

Leave a Reply

Your email address will not be published. Required fields are marked *