All times are UTC - 5 hours [ DST ]




Post subject: Recovering Files Infected By CryptoLocker Or CryptoWall
Posted: December 13th, 2015, 20:35

Joined: August 8th, 2007, 6:32
Posts: 1224
Location: inside ROM
Is it possible to recover files infected by CryptoLocker or CryptoWall?


Posted: December 13th, 2015, 21:04

Joined: March 19th, 2015, 15:01
Posts: 1406
Location: isreal
Yes, if you get the decryption key from the criminal who holds it.


Posted: December 13th, 2015, 21:17

Joined: December 4th, 2012, 1:35
Posts: 3540
Location: Adelaide, Australia
I just got in an encrypted HDD with Cryptowall 3.0. I have hunted around but found no solution.

The douchebag criminals won't be getting any money from us, but the poor guy has lost quite a bit of business and family files. If I was in law enforcement, I wouldn't last long. I would be indicted for first finding these asshats, then imaging all their kit without their knowledge, then infecting them, and everyone else they know, friends, family etc... then outing them as the masterminds of this rubbish and let nature take its course. After a few months, lock up and throw away the key... like they so love to do. When they cry, say: well... it has been 3 days and no payment of the fine... now the key has been melted down.

I know, hypocritical hitting the friends and family, but social justice isn't always pretty...

Be honest, how many of you like that scenario??


Posted: December 13th, 2015, 21:22

Joined: December 19th, 2006, 8:49
Posts: 10828
Location: Portugal
I think that it's possible to decrypt OLDER versions of CryptoLocker. Newer versions of it can't be decrypted.

Posted: December 13th, 2015, 21:40

Joined: March 19th, 2015, 15:01
Posts: 1406
Location: isreal
HaQue wrote:
Be honest, how many of you like that scenario??

I do :lol:


Posted: December 13th, 2015, 22:24

Joined: August 8th, 2007, 6:32
Posts: 1224
Location: inside ROM
How do we know which version is which?


Posted: December 13th, 2015, 23:31

Joined: December 4th, 2012, 1:35
Posts: 3540
Location: Adelaide, Australia
TerraNova wrote:
How do we know which version is which?


The one I have has it displayed in the .gif graphic in each folder that has encrypted files.

I did hear on some InfoSec podcast that they were using a tactic to make one version look like something else as a decoy, but I can't remember specifics. I only have the portable HDD of the victim, so they are definitely S.O.L.


Posted: December 14th, 2015, 5:19

Joined: December 17th, 2009, 22:57
Posts: 142
Location: Macedonia
There is no solution for this.
Even agencies with 3 letters cannot do anything. The FBI says pay.

http://gizmodo.com/the-fbi-thinks-ranso ... socialflow

Posted: December 14th, 2015, 5:21

Joined: January 28th, 2009, 10:54
Posts: 2996
Location: Greece
If you find a key.dat file located somewhere in /Appdata, then there might be hope. Usually for files renamed to .vvv or .whatever there is not much hope.

Posted: December 14th, 2015, 7:16

Joined: January 6th, 2015, 2:21
Posts: 186
Location: Germany
You could try http://www.passware.com

We have used it only in cases with a password protected document etc and it worked with the brute force attacks.

Good Luck!!

Posted: December 14th, 2015, 7:29

Joined: December 4th, 2012, 1:35
Posts: 3540
Location: Adelaide, Australia
day1data wrote:
You could try http://www.passware.com

We have used it only in cases with a password protected document etc and it worked with the brute force attacks.

Good Luck!!


Great software for legitimate passworded or encrypted files, but not for malware ransomware.


Posted: December 14th, 2015, 10:46

Joined: February 13th, 2010, 9:44
Posts: 208
Location: san diego, ca.
Good start HaQue! I have been telling clients to hang onto the data, as in a year or two there is some chance of getting the keys. You must check files, as sometimes you get lucky: one company's QuickBooks files were spared because someone forgot to log out of QB. The bad employee saved the day :). Apparently another client must have shut down a system before the ransomware was done on another case; some items were not yet encrypted. The latest versions of ransomware are near perfect. Versioning backups is now mandatory in business.
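
A read-only triage pass over a mounted copy of the victim volume, covering the two checks raised in this thread (looking for a `key.dat` file and finding files the ransomware never reached). This is an added example, not part of any post; the signature table, the 7.5 bits/byte entropy threshold and the sample tree are assumptions constructed here.

```python
import hashlib, math, os, tempfile
from collections import Counter

# Well-known leading signatures for a few formats a victim usually cares about.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def entropy(data):
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample=65536, threshold=7.5):
    """Label one file without modifying it (opened read-only)."""
    name = os.path.basename(path).lower()
    if name == "key.dat":
        return "key-candidate"          # the file the thread says to look for
    with open(path, "rb") as fh:
        head = fh.read(sample)
    magic = MAGIC.get(os.path.splitext(name)[1])
    if magic is not None:
        return "intact" if head.startswith(magic) else "suspect"
    # Unknown or renamed extension (.vvv etc.): use entropy, but not on tiny files.
    if len(head) >= 4096 and entropy(head) > threshold:
        return "suspect"
    return "unknown"

def triage(root):
    """Walk a mounted copy of the volume; return {relative path: label}."""
    paths = (os.path.join(d, f) for d, _, files in os.walk(root) for f in files)
    return {os.path.relpath(p, root): classify(p) for p in paths}

def demo():
    """Constructed tree: a spared PDF, a scrambled PDF, a renamed file, key.dat."""
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "AppData"))
    samples = {"spared.pdf": b"%PDF-1.4\n" + b"text " * 100, "invoice.pdf": noise,
               "photo.jpg.vvv": noise, os.path.join("AppData", "key.dat"): b"\x00" * 32}
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return triage(root)

if __name__ == "__main__":
    for rel, label in sorted(demo().items()):
        print(f"{label:14} {rel}")
```

High-entropy formats with no entry in `MAGIC` (archives, video) will also show as `suspect`, and a matching header does not prove the rest of the file is untouched, so open a sample of the `intact` files before reporting them as recovered.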


Posted: December 20th, 2015, 21:56

Joined: September 1st, 2012, 6:16
Posts: 65
Location: Universe
There are 3 softwares for partial data recovery. Everyone knows these softwares.
Sending PM.


Posted: December 20th, 2015, 23:46

Joined: December 4th, 2012, 1:35
Posts: 3540
Location: Adelaide, Australia
higgsboson wrote:
There are 3 softwares for partial data recovery. Everyone knows these softwares.
Sending PM.

What is the reason for only PMing the name of the software? Seems it would be rather helpful to list them publicly.


Posted: December 23rd, 2015, 3:26

Joined: September 1st, 2012, 6:16
Posts: 65
Location: Universe
Dear HaQue,
Yes, I totally agree with you. Knowledge must be shared for the benefit of everyone.

However, there could be several end customers among the data recovery specialists.
If I explain / open everything to everyone, then there will be no difference between customers and professionals.
The only difference between them is knowledge, and day by day, thanks to Google, one can get it from the net like I have got it.
Every DR person has some knowledge which he does not share with everyone, and I am sure you are no exception, as ultimately we are not here for pure charity.

Hope you will understand after this long explanation.


Posted: December 23rd, 2015, 5:37

Joined: January 8th, 2008, 5:21
Posts: 900
Location: uk
higgsboson wrote:
There are 3 softwares for partial data recovery. Everyone knows these softwares.
Sending PM.

???
For what it's worth, and for a bit of fun, let's try to guess the names of these 3 softwares.

1- Winhex?


Posted: December 24th, 2015, 5:19

Joined: September 1st, 2012, 6:16
Posts: 65
Location: Universe
hey come on dick
So far you have given only 1 name; where are the other two? Seems your fun is incomplete.
Like CryptoWall ransomware, I am giving you 80 hours to name the others, else you will FAIL.
Ha Ha Ha. :lol:

