November 15, 2013 in Malware
Here’s an interesting email I just received by Chief-01 from deviantart.com:
“My friend’s company got hit by Cryptolocker and they bought the key, but their computers got moved around before they paid and not all the files got decrypted because the registry paths to the files were no longer valid.
I wrote a python script to take care of the missed files for them. As long as you have the private key this program will take care of the rest. I figured you can look it over to verify it’s legitimacy and maybe host it on your website since my deviantart isn’t likely to get seen by people with this issue.
the program is here http://chief-01.deviantart.com/art/Crypto-Unlocker-413774308”
FYI, NO I have NOT vetted this product, but note that it is open source, so if you are familiar with Python you can scan the source yourself if you wish.
If you didn’t actually READ it, NO this will NOT decrypt your files if you have NOT paid the ransom.
Also, I am NOT advocating paying the ransom by posting this, just wanted to let people know that if you DID pay the ransom and your files did NOT get decrypted due to not being in the same location as they were when they were encrypted, but you DO have the private key, then MAYBE there is hope through utilizing this tool.
It appears that this tool requires an installation of Python v3.3 (or better?)