crypto locker - how to remove?

Aspirant

crypto locker - how to remove?

 
1 ACCEPTED SOLUTION

F-Secure

Re: crypto locker - how to remove?

Hi all!

 

Just to note, the Q&A about Ransomware is being extended by a week or two, so get your questions in while you have the chance!

 

And we should soon be seeing a response to the Crypto Locker question, so keep an eye out here: http://community.f-secure.com/t5/Stop-Ransomware/Hi-does-F-Secure-IS-2014-detect/qaq-p/34281

 

@Rantapallo, has Blackcat's advice helped with this, or are you still in need of further advice?

 

// Chrissy

Has somebody helped you? Give Kudos as a way to say "thanks!"
Has your issue been solved? Mark the post using the "Accept as Solution" button to let others know.
23 REPLIES
Senior Advisor

Re: crypto locker - how to remove?

Ransomware: a nasty strain of Windows malware that uses advanced encryption to lock up user files before demanding a ransom. It leaves users in danger of losing important files forever unless they pay up.

 http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/

 

You need to try and remove the infection/restore your files in 2 main steps;

 

1. Remove Cryptolocker completely using the free Malwarebytes; Removal guide is here; https://forums.malwarebytes.org/index.php?showtopic=134420

 

2. But the problem is that affected files remain encrypted; Malwarebytes cannot undo the encryption. The only way of restoring your files is from a backup, or if you have System Restore.

 

Details are here: http://www.bleepingcomputer.com/forums/t/506924/cryptolocker-hijack-program/page-26#entry3165383

 

I am not sure that F-Secure have added detection for this malware but even if they have it can't help in recovering encrypted files post-infection. Their online scanner may be able to remove it; http://www.f-secure.com/en/web/labs_global/removal/removing-ransomware

 

Bleeping Computer have all the information that you need to know; http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

 

Edit;  

 

If you have questions about ransomware, you can ask an F-Secure security expert in a special online Q&A session happening now through to the end of October. The session is being held through the F-Secure Community and is accessible via http://community.f-secure.com/t5/Stop-Ransomware/qa-p/stopransomware.

Senior Advisor

Re: crypto locker - how to remove?

For future use; 

 

a. Try CryptoPrevent, a free utility by Fooli**bleep** LLC that automatically adds the suggested Software Restriction Policy Path Rules (listed in the guide) to your computer. The added Software Restriction Policies are to prevent CryptoLocker from being executed in the first place; http://www.fooli**bleep**.com/vb6-projects/cryptoprevent/

 

b. This ransomware again shows the importance of backing up your data; backup, backup, backup!!! Get yourself a good backup program such as Macrium; http://www.macrium.com/reflectfree.aspx

 

 

Video here shows CryptoLocker in action; http://nakedsecurity.sophos.com/2013/10/18/cryptolocker-ransomware-see-how-it-works-learn-about-prev...
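
How path rules of the kind mentioned in the post above decide what may run, as an added example that is not part of the original post and is not CryptoPrevent's own code. The rule list, the profile paths and the reading of `*` as staying within one folder are assumptions made for illustration.

```python
import re

# Constructed sample profile paths and rules: assumptions for illustration,
# not the rule list shipped by CryptoPrevent or the guide the post mentions.
ENV = {
    "AppData": r"C:\Users\alice\AppData\Roaming",
    "LocalAppData": r"C:\Users\alice\AppData\Local",
}
DISALLOWED_RULES = [
    r"%AppData%\*.exe",
    r"%AppData%\*\*.exe",
    r"%LocalAppData%\*.exe",
    r"%LocalAppData%\*\*.exe",
]

def expand(rule, env=ENV):
    """Replace %Name% placeholders with values from the sample environment."""
    return re.sub(r"%(\w+)%", lambda m: env[m.group(1)], rule)

def rule_to_regex(rule, env=ENV):
    """Compile a path rule; '*' and '?' are assumed to stay within one folder."""
    parts = []
    for ch in expand(rule, env):
        if ch == "*":
            parts.append(r"[^\\]*")
        elif ch == "?":
            parts.append(r"[^\\]")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)

def matching_rule(path, rules=DISALLOWED_RULES, env=ENV):
    """Return the first disallow rule covering path, or None if it may run."""
    for rule in rules:
        if rule_to_regex(rule, env).fullmatch(path):
            return rule
    return None

if __name__ == "__main__":
    samples = [  # constructed paths
        r"C:\Users\alice\AppData\Roaming\invoice.exe",
        r"C:\Users\alice\AppData\Roaming\Updater\update.exe",
        r"C:\Users\alice\AppData\Local\Vendor\app.exe",
        r"C:\Users\alice\AppData\Roaming\a\b\deep.exe",
        r"C:\Program Files\App\app.exe",
    ]
    for p in samples:
        print(f"{matching_rule(p) or 'no rule (allowed)':<28} {p}")
```

In the sample output the third path shows ordinary software installed under the profile being blocked as well, and the fourth shows that a deeper folder is not covered by these two-level rules.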

Superuser

Re: crypto locker - how to remove?

Oh **bleep**!  Smiley LOL

Scholar

Re: crypto locker - how to remove?

Hello, I have a cryptolocker virus on my computer. What should we do? We tried to save our files and folders but they are not opening. What should we do? Please help us.

Former F-Secure Employee

Re: crypto locker - how to remove?

Hi Rina,

Please check this:

http://community.f-secure.com/t5/Stop-Ransomware/Hello-BlackCat-nbsp-our-products/qaq-p/34367/commen...

Best Regards

-Jake
Senior Advisor

Re: crypto locker - how to remove?

"v6.0 - CryptoPrevent is no longer based solely on Windows software restriction policies, and now includes a real-time filter and definitions files/updates! "

 

http://www.fooli**bleep**.com/vb6-projects/cryptoprevent/

 

http://www.majorgeeks.com/files/details/cryptoprevent.html#screenshots

 

Senior Advisor

Re: crypto locker - how to remove?

"Whitehat hackers have struck back at the operators of the CryptoLocker ransom trojan that has held hundreds of thousands of hard drives hostage. Through a partnership that included researchers from FOX-IT and FireEye, researchers managed to recover the private encryption keys that CryptoLocker uses to lock victims' personal computer files until they pay a $300 ransom. They also reverse engineered the binary code at the heart of the malicious program. The result: a website that allows victims to recover the key for their individual content."

 

FireEye and Fox-IT have partnered to provide free keys designed to unlock systems infected by CryptoLocker; https://www.decryptcryptolocker.com/

 

Further info; http://arstechnica.com/security/2014/08/whitehats-recover-victims-keys-to-cryptolocker-ransomware/

 

Intelligence report; http://blog.fox-it.com/2014/08/06/cryptolocker-ransomware-intelligence-report/

 

HitmanPro.Alert offers protection against CryptoLocker and its variants, like the current CryptoWall; https://www.youtube.com/watch?v=5M8YYnXIAlw

 

The second Community Technology Preview of HitmanPro.Alert 3 has also been released (and is running stable here on my machines); http://test.hitmanpro.com/hmpalert3ctp2.zip

Superuser

Re: crypto locker - how to remove?

That's great news! :)