Ransomware Decryption Scam
Be on the lookout for scams offering ‘CryptoLocker decryption tools’, like this one being promoted under the cover of a brand-name registry cleaner. Remember, the CryptoLocker malware can be removed, but once your files are encrypted they are at the mercy of the bad guys.
PC users have been warned about a new phishing scam that falsely claims to offer people programs that will combat the CryptoLocker ransomware. The email is written in a casual and friendly manner. It asks if you have a CryptoLocker infection, then advises you to ‘Use the tool attached to decrypt your files!’, before wishing you ‘Good Luck!’.
Downloading the attachment, a tool called ‘cryptolocker file de.exe’, installs RegistryCleanerKit, a legitimate piece of software made by Malta-based company Uniblue. It then scans your Registry (see screenshot), before showing you how many problems it has ‘found’. To fix the errors you need to buy the software.
At no point does it attempt to decrypt files locked by CryptoLocker. We asked Uniblue whether it was aware its software was seemingly being used as part of a scam, but at the time of going to press had not heard back.
— By Vikas Chandra Pandey | easytuts4you.com | 6/25/2014
Is it possible to decrypt files encrypted by CryptoLocker?
Unfortunately, at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic due to the length of time required to break the key. Also, any decryption tools that have been released by various companies will not work with this infection. The only method you have of restoring your files is from a backup or Shadow Volume Copies if you have System Restore enabled. Newer variants of CryptoLocker attempt to delete the Shadow Copies, but this is not always successful. More information about how to restore your files via Shadow Volume Copies can be found in this section below.
If you have neither System Restore enabled on your computer nor reliable backups, then you will need to pay the ransom in order to get your files back.