rr991 Posted March 14, 2019
Hello everybody, in our business we got encrypted by the .ITLOCK Ransomware. We got 2 encrypted files that were decrypted. I also have a screenshot of a cmd line telling me [GENKEY][DONE]! I also got the data behind this. Is it possible to program a decrypt-tool for this ransomware or decrypt the files with those details?
Kind regards
!README_ITLOCK!.rtf

GT500 Posted March 14, 2019
I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/
You can paste a link to the results into a reply if you would like for me to review them.

quietman7 Posted March 15, 2019
ID Ransomware should recognize .ITLOCK as a Matrix Ransomware variant which is not decryptable without paying the ransom and obtaining the private keys from the criminals who created the ransomware.

rr991 Posted March 15, 2019
I've got the decrypt tool from the ransom guy. The problem now is that the log tells me "CryCha: Invalid RSA Message". Is there a chance that someone can help here when I upload the tool including the key and decrypted data?

GT500 Posted March 15, 2019
11 hours ago, rr991 said:
> I've got the decrypt tool from the ransom guy. The problem now is that the log tells me "CryCha: Invalid RSA Message". Is there a chance that someone can help here when I upload the tool including the key and decrypted data?
If you attach the tool, any keys they gave you, and a few encrypted files to a reply then I'll ask our malware analysts if they can take a look at it.

[email protected] Posted March 30, 2019
Did you resolve it? I have the same problem. Thanks

GT500 Posted March 30, 2019
14 hours ago, [email protected] said:
> Did you resolve it? I have the same problem.
You mean the problem with the decryption tool? I think whoever made the decrypter will need to assist with it if it's not working. They may simply have given the wrong decryption key.