Ransomware Decryption Scam


Ransomware Decryption Scam

Be on the lookout for scams offering ‘cryptolocker decryption tools’ like this one being promoted under the cover of a brand name registry cleaner. Remember, cryptolocker malware can be removed but once encrypted – your files are at the mercy of the bad guys.

Beware Spam Emails Claiming to Offer Anti-CryptoLocker Tools

PC users have been warned about a new phishing scam that falsely claims to offer people programs that will combat the Cryptolncker ransomware. The email is written in a casual and friendly manner. It asks if you have a Cryptolocker infection, then advises you to ‘Use the tool attached to decrypt your files!”, before wishing you “Good Luck!’’.

Downloading the attachment – a tool called ‘cryptolocker file de.exe’ installs RegistryCleanerKit, a legitimate piece of software made by Malta-based company Uniblue. It then scans your Registry (see screenshot), before showing you how many problems it has ‘found’. To fix the errors you need to buy the software.

At no point does it attempt to decrypt files locked by CryptoLocker. We asked Uniblue whether it was aware its software was seemingly being used as part of a scam, but at the time of going to press had not heard back.
— By Vikas Chandra Pandey | easytuts4you.com | 6/25/2014

Is it possible to decrypt files encrypted by CryptoLocker?

Unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic due to the length of time required to break the key. Also any decryption tools that have been released by various companies will not work with this infection. The only method you have of restoring your files is from a backup or Shadow Volume Copies if you have System Restore enabled. Newer variants of CryptoLocker attempt to delete the Shadow Copies, but it is not always successful. More information about how to restore your files via Shadow Volume Copies can be found in this section below.

If you do not have System Restore enabled on your computer or reliable backups, then you will need to pay the ransom in order to get your files back.
bleepingcomputer.com

175 total views, 1 views today

(Visited 93 times, 1 visits today)

10 thoughts on “Ransomware Decryption Scam

  1. I have regarded UNIBLUE as suspect for many years and avoid anything that has their name attached.
    I gather you regard them as legitimate and that’s your perogative.

    regards elliot

  2. As far as I am aware, none of the current anti-virus software will fully protect against ransomware, in any case, any security software is only as good as its first failure.

    For all kinds of reasons, keeping an up to date disk image is about as secure as it comes at the moment, there are a couple of free products that do a good job, personally, I use ToDo Backup from EaseUS, available at http://www.todo-backup.com/products/home/free-backup-software.htm

    What I particularly like about ToDo (apart from the fact that it is FREE) is that the rescue medium can be built on a USB flash memory stick, very useful for netbooks without a CD/DVD drive.

    I keep my last three backups (grandfather/father/son) on an external hard drive and a copy of the latest image on a separate partition on my internal drive for faster access should I need it.

    Once I have created a new system backup image I then delete the oldest image from the external drive and the previous image from the internal drive.

    Of course, the “internal” image is potentially vulnerable since it is permanently connected to my PC (hence the need for “external” images).

    This strategy guards not only against ransomware but also against losing my system in the event of a hard disk failure and the need to create a new disk.

    However, the first line of defence is to do as Gilbert L Jones said above “Be careful online!” – an ounce of prevention is worth a pound of cure.

  3. The deviousness of these cryptolockers has no limit. It seems to me the simplest answer is to keep two backups going and alternate them. Always have one of the backups disconnected from the computer. Not dificult to do or expensive with availability of large capacity external drives. Do you see any problems in this?

  4. This pathticker.net keeps coming up.
    Its like a pop-up.
    I have ran the scan and it has not solved the problem.
    Please advise.

Leave a Reply

Your email address will not be published. Required fields are marked *