This is a follow-up to my previous article on a website which successfully provides the means to decrypt CryptoLocker-encrypted files.

 

If all your files are encrypted and carry an .encrypted extension, then your computer is infected with the Crypt0L0cker ransomware variant, which may also be called TorrentLocker. It’s very similar to CryptoLocker but encrypts files with a slightly different method.

It basically scans your computer and encrypts any files that do not match an exclude list (a list of files that the cyber criminals think could cause a problem with Windows, mostly system files). Once a file is encrypted, the ransomware appends the .encrypted extension to the file name, so for example your Word document becomes document.docx.encrypted instead of just document.docx. The same thing happens to all other files that are encrypted. The issue here is that the Decrypt Cryptolocker website cannot repair these files, as they use a different algorithm.

 

Possible Sources of Infection

The Crypt0L0cker (.encrypted) ransomware is spread in a number of different ways, all of them seemingly innocuous, which increases the chances of us falling prey to the malware. Sometimes this ransomware is disseminated through email attachments or through links in emails or instant messages. Just a few days ago the AFP warned about an AFP traffic infringement scam that distributed this ransomware.

 

What to do after

Step 1: Removing Crypt0L0cker (.encrypted) and related malware:

Before restoring your files from shadow copies, make sure the Crypt0L0cker virus is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

  1. First of all, download and install Malwarebytes Anti-Malware. It has a free version and is great at removing malware.

  2. Run your anti-virus software to scan for good measure.

That’s it! Hopefully your computer should be clean now and you can safely restore your files. Proceed to Step 2.

Step 2: Restoring files encrypted by Crypt0L0cker (.encrypted) virus:

  • Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

  • Method 2: Try to restore previous versions of files using Windows folder tools. Right-click on the infected folder or file and select “Restore Previous Versions”.

  • Method 3: Using the Shadow Volume Copies. Download ShadowExplorer and follow the instructions from the author.

  • Method 4: If you’re lucky, you may have the exact variant the TorrentLocker link above talks about. You may also be able to use the decryption tool the author of the thread created. Follow the instructions on the website.
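To scope the damage before applying Method 1, the following added example (not part of the original article) walks a folder for files carrying the appended .encrypted extension, recovers each original file name, and checks whether a clean copy exists at the same relative path in a backup folder. The function names and the sample folder layout are assumptions made for illustration, and the script is read-only.

```python
import os
import tempfile
from pathlib import Path

SUFFIX = ".encrypted"  # extension this ransomware appends, per the article

def plan_restore(affected_root, backup_root):
    """Map each *.encrypted file to its original name and backup status.

    Returns (encrypted_path, original_relative_path, backup_path_or_None)
    tuples. Read-only: nothing is copied, renamed or deleted.
    """
    affected_root, backup_root = Path(affected_root), Path(backup_root)
    plan = []
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in files:
            # Skip untouched files and a file named exactly ".encrypted"
            if not name.lower().endswith(SUFFIX) or len(name) == len(SUFFIX):
                continue
            enc = Path(dirpath) / name
            rel = enc.relative_to(affected_root).with_name(name[:-len(SUFFIX)])
            candidate = backup_root / rel
            # A backup taken after infection may hold only the encrypted
            # copy, so require the original file name to be present.
            plan.append((enc, rel, candidate if candidate.is_file() else None))
    return sorted(plan, key=lambda item: str(item[0]))

def demo():
    """Run the planner on a constructed sample tree (hypothetical layout)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (live / "docs" / "document.docx.encrypted").write_bytes(b"x")
        (live / "photo.jpg.encrypted").write_bytes(b"x")
        (live / "notes.txt").write_bytes(b"untouched")
        (backup / "docs" / "document.docx").write_bytes(b"clean copy")
        plan = plan_restore(live, backup)
        restorable = [rel.as_posix() for _, rel, bak in plan if bak]
        missing = [rel.as_posix() for _, rel, bak in plan if bak is None]
        return restorable, missing

if __name__ == "__main__":
    restorable, missing = demo()
    print("restorable from backup:", restorable)
    print("not in backup (try Methods 2 to 4):", missing)
```

Files reported as missing from the backup are the ones to attempt with Previous Versions, ShadowExplorer or the decryption tool.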

 

 

As with any serious virus, I also recommend wiping the computer / server back to system defaults to ensure a fresh new system, BUT do not do this until you have attempted to restore your files.
