
How to Decrypt Files Encrypted by Crypto Virus (Cryptolocker, Cryptowall & others)

I faced this virus when a friend of mine asked for assistance. He works at an oil services company, and their shared files were compromised by a Cryptolocker copycat, which is actually harder than the original known virus.

I will explain why it's harder.

How cryptoware or ransomware viruses work

These viruses do a simple job: they scan your PC for any storage devices, including mapped network drives, then scan those for DOC, PDF and other types of documents, and in some cases pictures and videos.
After the scan, the virus starts encrypting the files. All of this happens silently, without you noticing anything. It uses a key to encrypt your files and sends that key to the creator of the virus. Then the virus shows you a page that asks for payment within 48 hours, or the key will be deleted and you will never get your files back.
In exchange for the key to get your files back, you pay an amount that is usually around $600.

Isn't that cool?

It was cool when the first gang, which is now in jail, created Cryptolocker. Anyway, the group gave the database that held the keys to every locked machine in the world to the FBI, and a website to help people get their files back is online.
What is not cool right now is the number of copycats from developing countries that got the code or even wrote it themselves. They didn't cause as much damage around the globe as the original group, so nobody cares to catch them. One of the companies that got compromised is where my friend works. The files were encrypted by a copycat virus that nobody is talking about online, which makes me think they are the only ones who got infected.

There, I am the first to mention it now: the virus has a pattern of renaming extensions, for example from "file.DOCX" to "file.DOCX.zpbjavl".
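
An inventory of affected files built on the renaming pattern described above, as an added example that is not part of the original post: it walks a share, finds names of the form "name.ext.appended", and flags those whose first bytes no longer match the original file type, so renamed but intact copies are not counted. The MAGIC table, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Leading bytes of intact files, keyed by the original (inner) extension.
# OOXML documents are ZIP containers, hence "PK".
MAGIC = {".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pdf": b"%PDF",
         ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG"}

def classify(path):
    """Return (appended_ext, header_intact), or None when the name is not
    '<name>.<document ext>.<appended ext>'."""
    stem, appended = os.path.splitext(os.path.basename(path))
    inner = os.path.splitext(stem)[1].lower()
    if not appended or inner not in MAGIC:
        return None
    with open(path, "rb") as fh:
        return appended.lower(), fh.read(8).startswith(MAGIC[inner])

def scan(root):
    """List renamed document files whose header no longer matches."""
    hits, by_ext = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                result = classify(path)
            except OSError:
                continue  # unreadable file: skip, keep the inventory going
            if result and not result[1]:
                hits.append(path)
                by_ext[result[0]] += 1
    return sorted(hits), dict(by_ext)

def demo():
    """Scan a constructed sample tree (file contents are made up)."""
    samples = {"report.DOCX.zpbjavl": b"\x8f\x11\xa4\x07 constructed",
               "plan.PDF.zpbjavl": b"\x02\xee\x90\x13 constructed",
               "intact.docx": b"PK\x03\x04 constructed",
               "copy.pdf.bak": b"%PDF-1.4 constructed"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        hits, by_ext = scan(root)
        return [os.path.basename(p) for p in hits], by_ext

if __name__ == "__main__":
    print(demo())
```

Running scan() against a read-only mount of the affected share gives the list of files to restore from backup, grouped by the appended extension.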

How to decrypt the files

Yes, finally: how to get your files back after Cryptolocker, Cryptowall and sometimes other copycats.
Just click on the links to go to the how-to pages they lead to.
  1. Using Kaspersky decryption tool.
  2. Obtain the key by scanning an encrypted file.
  3. Using Panda ransomware decryption tool.
  4. Use this tool specially designed for files encrypted with CryptoDefense.
  5. If you are infected with an older type of the virus, any program that recovers deleted files will do the trick.

And now, how did I decrypt the files?
I simply didn't. I had the time to identify the virus, which is a copycat identical to Cryptolocker from what I see in the hex editor, but it uses another type of encryption, SHA512, which can take up to 300 trillion years to figure out the key on a good GPU, or, well, tons of money to rent a supercomputer, which I don't think the files are worth. One thing remaining is trying the tools above on the infected machine after connecting it back to the network, with a chance that the key is still in the registry, which I am not going to do because I will just send this page to their IT manager.

How to prevent this in the future

  1. A good antivirus which is always up to date.
  2. Limited accounts for users in your company/business.
  3. Back up your files regularly.
  4. Have some IT rules for users.

