child
Posted February 6, 2015

I have received a system which was hit this morning by CTB Locker; it encrypted all his data files (.xls, .xlsx, .doc, .docx, .rar etc.). Does anyone know how to recover/decrypt all his files? Windows 7 x32bit

Chancer
Posted February 6, 2015

This is informative; http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information

Good luck

child (Author)
Posted February 6, 2015

> This is informative; http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information
> Good luck

Thanks, I had read it and am working on it, but the fact is true...

Is it possible to decrypt files encrypted by CTB Locker?

Unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom on the CTB Locker Site. Brute forcing the decryption key is not realistic due to the length of time required to break this type of cryptography. Also any decryption tools that have been released by various companies for other malware will not work with this infection. The only methods you have of restoring your files are from a backup, file recovery tools, or if you're lucky from Shadow Volume Copies.

I am trying this now.... for a chance or good luck:

How to restore files encrypted by CTB Locker

If your files have become encrypted and you are not going to pay the ransom then there are a few methods you can try to restore your files.

Method 1: Backups

The first and best method is to restore your data from a recent backup. If you have been performing backups, then you should use your backups to restore your data.

Method 2: File Recovery Software

It appears that when CTB Locker encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may be able to use file recovery software such as R-Studio or Photorec to recover some of your original files. It is important to note that the more you use your computer after the files are encrypted the more difficult it will be for file recovery programs to recover the deleted un-encrypted files.

Method 3: Shadow Volume Copies

As a last resort, you can try to restore your files via Shadow Volume Copies. Unfortunately, this infection will attempt to delete any Shadow Volume Copies on your computer, but sometimes it fails to do so and you can use them to restore your files.

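Method 3 in the post above only helps if a Shadow Volume Copy survived the deletion attempt. As an added example (not part of the original posts or the quoted article), this PowerShell script lists the surviving copies and flags those created before the infection; it uses Get-WmiObject so it runs on the PowerShell 2.0 shipped with Windows 7. The cutoff time and the `C:\vss_restore` link path are assumptions to adjust, and it must be run from an elevated prompt.

```powershell
# Added example: find Shadow Volume Copies that predate the infection.
# Run elevated. Get-WmiObject is used because Windows 7 ships PowerShell 2.0.

# Assumption: the time the encryption was first noticed. Adjust to the incident.
$infectedAt = Get-Date '2015-02-06 08:00'

# Assumption: an unused path where the chosen copy will be linked for browsing.
$linkPath = 'C:\vss_restore'

# Win32_ShadowCopy returns InstallDate as a DMTF string, so convert it.
$copies = @(Get-WmiObject -Class Win32_ShadowCopy | ForEach-Object {
    New-Object PSObject -Property @{
        Created      = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate)
        Volume       = $_.VolumeName
        DeviceObject = $_.DeviceObject
        Id           = $_.ID
    }
} | Sort-Object Created -Descending)

# Only copies taken before the encryption can contain the original files.
$usable = @($copies | Where-Object { $_.Created -lt $infectedAt })

if ($copies.Count -eq 0) {
    Write-Output 'No Shadow Volume Copies remain; fall back to backups or file recovery tools.'
}
elseif ($usable.Count -eq 0) {
    Write-Output "Found $($copies.Count) copies, but none predate $infectedAt."
}
else {
    $usable | Format-Table Created, Volume, DeviceObject -AutoSize

    # Print (not run) the command that exposes the newest usable copy as a
    # read-only folder. The trailing backslash on the device path is required.
    $newest = $usable[0]
    Write-Output 'To browse the newest pre-infection copy, run:'
    Write-Output ('cmd /c mklink /d {0} {1}\' -f $linkPath, $newest.DeviceObject)
}
```

Copy anything recovered from the linked folder to a separate drive rather than back onto the affected disk, since further writes reduce what file recovery tools can still find.
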
dcs18
Posted February 6, 2015

My personal modus operandi in dealing with ransomware is to fix the program using a valid serial which then causes all of the encrypted files to be decrypted.

child (Author)
Posted February 6, 2015

> My personal modus operandi in dealing with ransomware is to fix the program using a valid serial which then causes all of the encrypted files to be decrypted.

..... waiting for your "personal modus operandi"

dcs18
Posted February 6, 2015

> > My personal modus operandi in dealing with ransomware is to fix the program using a valid serial which then causes all of the encrypted files to be decrypted.
>
> ..... waiting for your "personal modus operandi"

You just need a valid serial for CTB Locker - hope someone who has one would offer it to you.

Archived
This topic is now archived and is closed to further replies.