Decryption of The Crypto Locky Virus Files

[ITBFDR]

In addition to my first post i would like to ask if anyone has succeeded to decrypt the encrypted files of the Locky or Crypto virusses as this will make recovery easier Thank You! I tried some programs including some Forensic Programs Talos Decryptor it seems like this virus encrypts the files when its on the PC once removed the files are over written or corrupted

 

[Mankar Kameran]

In my experience with this virus, I used Malwarebytes to get rid of the virus and then I used shadow explorer to get back the files. A system restore would be easier, but that wasn't an option.

 

[ZippyPeanut]

In my experience with this virus, I used Malwarebytes to get rid of the virus and then I used shadow explorer to get back the files. A system restore would be easier, but that wasn't an option.

I'm very curious about this. First, I wonder how shadow explorer can get back encrypted files. And why wasn't a system restore an option? (In the past, I have removed non-encryption ransom ware via a simple system restore. But my understanding of cyptolockers is that once the files are encrypted, nothing but the key will unlock them.)

 

[rgd1101]

there option on the shadow copied that would backup your files.

 

[hang-the-9]

Take a look here http/www.bleepingcomputer.com/forums/t/543518/decryption-keys-are-now-freely-available-for-victims-of-cryptolocker/

 

[trog7777]

In my experience with this virus, I used Malwarebytes to get rid of the virus and then I used shadow explorer to get back the files. A system restore would be easier, but that wasn't an option.

I'm very curious about this. First, I wonder how shadow explorer can get back encrypted files. And why wasn't a system restore an option? (In the past, I have removed non-encryption ransom ware via a simple system restore. But my understanding of cyptolockers is that once the files are encrypted, nothing but the key will unlock them.)

For a start , some of these encryptor virus actually destroy the restore points, and delete the shadow volume !
So once they hit - you're up the creek without a paddle, if you don't have any recent backups, which weren't connected to the computer at the time of infection ! - because these malicious file destroyers will infect Every drive or usb storage within shouting distance - that is - All and every drive - whether physically connected or networked, even unmapped, Will be corrupted.! ... You can remove the Virus, but getting the files back is very hit and miss.
I have just seen the damage of this nasty on a friends business computer. and No unfortunately they didn't have a recent backup of the essential docs and other files - and No the shadow files were 95% unusable !