daiwhyte 0 Posted April 29, 2016
Hi, I've tried your Decryptor for Autolocky and I get the error message "The decryptor could not determine a valid key from your system." The OS is Windows 2008 Server but I don't believe the infection was launched from the server. I've found a PC on the network which has also been infected and the user reported an odd attachment, so I've searched that PC for the .txt file but I cannot find it anywhere. Do I need this txt file to decrypt the files back on the server or do you have another version of the decryptor which can be run on my server to decrypt the file? I have shadow copy loaded and for now I'm able to resurrect the files as and when users report them missing but I would like to just run the decryptor on the server just to reverse the effects of LOCKY.
Thanks
DW
Elise 276 Posted April 29, 2016
Hello, If this is indeed the latest Locky variant, then decryption is not possible unfortunately. Can you please tell me what the name of the ransom note is (if you find one) and what the format is of affected files, so I can determine what ransomware variant you are dealing with?
daiwhyte 0 Posted April 29, 2016 Author
Hi, I can confirm the file extension is .locky. This is what I found:
++$-_
!!! IMPORTANT INFORMATION !!!!
All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about the RSA and AES can be found here:
http://en.wikipedia.org/wiki/RSA_(cryptosystem)
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
1. http://25z5g623wpqpdwis.tor2web.org/C4E805EA8E7C3DCC
2. http://25z5g623wpqpdwis.onion.to/C4E805EA8E7C3DCC
3. http://25z5g623wpqpdwis.onion.cab/C4E805EA8E7C3DCC
If all of this addresses are not available, follow these steps:
1. Download and install Tor Browser: https://www.torproject.org/download/download-easy.html
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: 25z5g623wpqpdwis.onion/C4E805EA8E7C3DCC
4. Follow the instructions on the site.
!!! Your personal identification ID: C4E805EA8E7C3DCC !!!
+~.$+. ._~*..*-|.=.||+$*.+$ +=-..$_+ *~*=.
Elise 276 Posted April 29, 2016
In that case unfortunately decryption is not possible due to the way the files are encrypted and the complexity of the encryption algorithm. To restore your files you'd have to use a recent backup. Please let me know if you have further questions about this.
daiwhyte 0 Posted April 30, 2016 Author
Ok thanks
Elise 276 Posted April 30, 2016
Sorry I wasn't able to be of help. This topic will now be locked. If you need it reopened, please send me a personal message.