
Hello everybody,

In our business we got encrypted by the .ITLOCK Ransomware. We got 2 encrypted files that were decrypted. I also have a screenshot of a cmd line telling me [GENKEY][DONE]! I also got the data behind this. Is it possible to program a decrypt-tool for this ransomware or decrypt the files with those details?

 

Kind regards

!README_ITLOCK!.rtf


I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.


ID Ransomware should recognize .ITLOCK as a Matrix Ransomware variant which is not decryptable without paying the ransom and obtaining the private keys from the criminals who created the ransomware.


I've got the decrypt tool from the ransom guy. The problem now is that the log tells me "CryCha: Invalid RSA Message". Is there a chance that someone can help here when I upload the tool including the Key and decrypted data?

 

 

11 hours ago, rr991 said:

I've got the decrypt tool from the ransom guy. The problem now is that the log tells me "CryCha: Invalid RSA Message". Is there a chance that someone can help here when I upload the tool including the Key and decrypted data?

If you attach the tool, any keys they gave you, and a few encrypted files to a reply then I'll ask our malware analysts if they can take a look at it.

14 hours ago, [email protected] said:

Did you resolve it? I have the same problem.

You mean the problem with the decryption tool? I think whoever made the decrypter will need to assist with it if it's not working. They may simply have given the wrong decryption key.

