CryptoLocker developers charge 10 bitcoins to use new Decryption Service

This is unbelievable... I can't imagine what kind of file(s) could be so important to warrant a $2100 payment. Perhaps company secrets, proprietary information or personal info that could be used as blackmail. In any case, I hope these guys get caught and get prosecuted to the fullest extent of the law in whatever country their operating out of.

Hi Admin,

     I have tried old cryptolocker version but for problem files, it comes up saying,

"Perhaps the file may be damaged or used by another process" Error code: 6007 (0x00001777) The specified file is not encrypted"

So, looks like these files are not encrypted. But, they are not opening. There are quite a few files like this. Not sure what happened to them and is there a way to recover.

This is unbelievable... I can't imagine what kind of file(s) could be so important to warrant a $2100 payment. Perhaps company secrets, proprietary information or personal info that could be used as blackmail. In any case, I hope these guys get caught and get prosecuted to the fullest extent of the law in whatever country their operating out of.

I would think maybe financial info, QuickBooks/Quicken data, stuff like that. I had an Environmental Engineering firm as a client, and I know for a fact that if they ever got hit, they would be &$*^% because they have a lot of environmental reports on file. Nothing secret, but information vital to their company. Valuable data doesn't have to be blackmail-worthy.

And this firm DOES have a backup plan in place, so it wouldn't be that bad.

Hi Admin,
 
     I have tried old cryptolocker version but for problem files, it comes up saying,
 
"Perhaps the file may be damaged or used by another process" Error code: 6007 (0x00001777) The specified file is not encrypted"
 
So, looks like these files are not encrypted. But, they are not opening. There are quite a few files like this. Not sure what happened to them and is there a way to recover.

Btw, the decryption service has changed a bit. They now still give you the 2 bitcoin 3 day payment period. They then increase the amount to 10 bitcoins.

 

Holy crap... this is getting WAY out of control...

And here's another problem I'm having: As I tell people about this infection, thinking I'm being pro-active, they write it off as another hoax and don't really seem to care. Unfortunately they will start caring if/when they get hit! *sigh*

folks should be discrete now and then when possible solutions to tracking down are put forth. They are very near. watching. right? 

folks should be discrete now and then when possible solutions to tracking down are put forth. They are very near. watching. right?

 

folks should be discrete now and then when possible solutions to tracking down are put forth. They are very near. watching. right?

If there was anything that was hamper attribution efforts, I wouldn't allow it to be posted. Unfortunately, nothing has been posted that wasn't out there for over a month now.

 

I'm sure they are having fun watching this board and probably laughing at us...

Hi Admin,

    I read below on another site. And in our case, decryption tool is saying that some files are not encrypted (which are not opening), probably because Virus managed to encrypt the file with AES key but then didn't encrypt using public key. I wonder the dword value in registry that correspond each file, is actually a AES key, which can be used.

"An AES key is generated for each file to be encrypted, the file is then AES-encrypted and the AES key is itself encrypted using the public key. The encrypted AES key is then appended to the encrypted file."

My questions is, has this new "service website" been proven to work and get the files back? How many people have dished out the 10 bitcoin and got what they needed back?

I'm sitting on 2 network drives that were infected randomly over a 404GB volume. 

OK. So the company that I work for was hit with this virus about a month ago. Total fiasco as the client refused to pull a backup and roll 4 days back to when we were infected. Now we are outside of our backup retention and we finally realized the damage done. It only infected older data. Modified this year, but pushed back into historical patient files. Our backup image that was finally put in place was 10 months old.

We have 8,293 historical scanned documents, medical, that have been encrypted. Docs that were scanned into older patient files manually over the last 10 months and then shredded afterwards. Not good. They are still on the e-mail server as they were scanned to e-mail, but we are talking thousands in labor costs to get these back into our system. 

So, we are willing to put the $2,100 in to get these files back. I'm not pulling the trigger unless I see this as a viable and tested option. 

Edited by seedy21, 04 November 2013 - 04:09 PM.

I work for a mid-sized data company.  We have @2800 employees.  One user got this from a drive by download on a weight watching site....result is several file shares with terrabytes that have bad files needing restore.

I actually heard someone suggest we pay the "_astards"  - this one is ugly - and that old Jesus Saves joke really applies.

I would advise making all network shares READ only, unless there is very good reason for them to be writeable.  For historical documents, old medical files, etc, there's probably no reason for them to be writable.  If users do need to update some of the files, etc - then place these on a separate share with write access.

No-one has mentioned backups to WORM drives yet.  e.g. backups to DVD, BluRay, etc.  These can save your bacon and the media is as cheap as chips these days.

>I can't imagine what kind of file(s) could be so important to warrant a $2100 payment.

Geezuz, I can.   Source code for your software products, company invoices and tax records going back years, general documents created as part of your work, documents prepared for clients, important documents and files needed for a looming deadline, and so on.  If a company network share is encrypted, then even the last week of work could easily be worth $2,000.  The last day of work could be even be worth $2,000, especially if it was critical or the deadline was looming ! 

If all of your family photos and videos were encrypted, you'd pay a lousy $2,000 wouldn't you ?  I would.  I'd be mad as hell with myself for doing it, and I'd use this energy to make sure I damn well plugged up all security holes, learned to create proper backups, etc so that I never suffered from ransomware again, but I would pay the money to get my "priceless" family memories back.

>I'm sure they are having fun watching this board and probably laughing at us...

Yes, they most certainly are ... watching and laughing ... all the way to the bank.

To them, this is a game of chess, with an endless number of "suckers" ....

Edited by Moose_Valley, 04 November 2013 - 09:46 PM.

A cautionary tale; Many many years ago we faithfully backed up a server using Backup Exec, used many tapes over months, then one day we needed to restore.  Unfortunately no one had ever tested the backups,  Backup Exec had been misconfigured and there was no way to restore, all the tapes were useless.

So in addition to implementing a good Backup plan, be sure to test your Backup plan, if you can't restore it's not much of a Backup plan.