rr991 0 Posted March 14, 2019 Report Share Posted March 14, 2019 Hello everybody, in our business we got encrypted by the .ITLOCK Ransomware. We got 2 encrypted files that were decrypted. I also have a screenshot of a cmd line telling me [GENKEY][DONE]! I also got the data behind this. Is it possible to program a decrypt-tool for this ransomware or decrypt the files with those details? Kind regards !README_ITLOCK!.rtf Quote Link to post Share on other sites
GT500 872 Posted March 14, 2019 Report Share Posted March 14, 2019 I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them. Quote Link to post Share on other sites
quietman7 3 Posted March 15, 2019 Report Share Posted March 15, 2019 ID Ransomware should recognize .ITLOCK as a Matrix Ransomware variant which is not decryptable without paying the ransom and obtaining the private keys from the criminals who created the ransomware. Quote Link to post Share on other sites
rr991 0 Posted March 15, 2019 Author Report Share Posted March 15, 2019 I've got the decrypt tool from the ransom guy. The Problem now is that the log tells me "CryCha: Invalid RSA Message". Is there a chance that someone can help here when I upload the tool including the Key and decrypted data? Quote Link to post Share on other sites
GT500 872 Posted March 15, 2019 Report Share Posted March 15, 2019 11 hours ago, rr991 said: I've got the decrypt tool from the ransom guy. The Problem now is that the log tells me "CryCha: Invalid RSA Message". Is there a chance that someone can help here when I upload the tool including the Key and decrypted data? If you attach the tool, any keys they gave you, and a few encrypted files to a reply then I'll ask our malware analysts if they can take a look at it. Quote Link to post Share on other sites
[email protected] 0 Posted March 30, 2019 Report Share Posted March 30, 2019 Did you resolved. I have the same problem. Thanks Quote Link to post Share on other sites
GT500 872 Posted March 30, 2019 Report Share Posted March 30, 2019 14 hours ago, [email protected] said: Did you resolved. I have the same problem. You mean the problem with the decryption tool? I think whoever made the decrypter will need to assist with it if it's not working. They may simply have given the wrong decryption key. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.