Retrieve Encrypted Files from a CryptoLocker Infection

Ransomware viruses like the notorious CryptoLocker are a nightmare,
with your files being held indefinitely, with data recovery very hard

Retrieve Encrypted Files from a CryptoLocker Infection

CryptoLocker is a file-encrypting ransomware, and when it infects your machine, it encrypts the contents of the hard drive using RSA-2048 key, before demanding payment to decrypt the data. Unfortunately, data recovery can be next to impossible without the key.

Malware that encrypts your data and then demands a ransom to decrypt it isn’t a new thing by any means; one of the earliest examples of malware written with the sole aim of making money was the AIDS Information Trojan of 1989. 90 days after infection, the data on the infected machine’s hard drive would be scrambled, and a ransom of $378 demanded, to be sent to an address in Panama. Fortunately, the malware was poorly made, scrambling the data in the same way on every machine it affected; free data recovery tools to quickly remove the malware was soon released.

Unfortunately, the perpetrator behind the CryptoLocker ransomware hasn’t been so careless. The malware is distributed via spam emails which contain infected attachments or links. Often, cyber-criminals forge email header information, making the email look legitimate. By passing of as, say, your bank or a shipping company, and tricking you into clicking a link or attachment, the ransomware has infected your computer.

The CryptoLocker ransomware targets all versions of Windows, including Windows 7, 8 and 10. The malware is particularly troublesome because it uses AES-265 and RSA encryption method, which means the user has no choice but to purchase the private key to decrypt their data. When the ransomware is first installed, it creates a randomly named executable file in the AppData folder. The executable will be launched, and it will begin to scan the drives connected to your machine for files to encrypt. The ransomware specifically searches for certain file extensions to cause the most damage, typically ones crucial to productivity like .doc, .docx, .pdf and .xls, but also media files like .mp4, .mp3, .avi and .m4a. Each file will then be encrypted and changed to the .CryptoLocker format.

Once the files on your hard drive are encrypted, CryptoLocker will create a .txt file with a ransom note in each folder where encrypted files are stored. In these text files will be instructions on how to decrypt your files, which will typically cost you $1300, or 2.05 Bitcoins, including a link to the payment site. It isn’t possible to decrypt your hard drive’s files without this encryption key, because of the AES-265 and RSA encryption method. So what can you do to get your files back?

Well, you have several options. Brute forcing the decryption key isn’t realistic, due to the amount of time required to break an AES encryption key. The easiest thing to do is restore your files and folders from a backup, which you should always keep. Many people, however, don’t. To add to this problem, as many people keep their backup drive connected to their machine constantly, the CryptoLocker program may have infected that, too.

If you don’t have a working backup of your data, it may be possible to recover previous versions of the encrypted files via their shadow copies. Shadow copies are created by Windows as snapshots to be reverted to in the event of a System Restore. To see if you can use shadow copies to restore a file, right click on it, and select ‘properties’. In the properties window, select the ‘previous versions’ tab. You will then see a list of all the previous versions of the file, and can restore the most recent. To restore these files in bulk, you can perform a System Restore to take your machine back to a point before the infection.

data recovery

Categories

Cloud Storage (1)

Computer Forensics (2)

Data Recovery (87)

Data Recovery Specialists News (1)

Data Security (3)

Hard Drive Data Recovery (2)

Mobile Phone Recovery (1)

RAID Data Recovery (21)

SSD Data Recovery (4)

Technology (79)

Free Diagnosis

"Our free hard drive data recovery evaluation service will tell you whether your data can be recovered, exactly how much it will cost and how long the data recovery will take. Simply phone or email us for a job number and send your data recovery to us. Your hard drive or media will be photographed, catalogued and bar-coded and the data recovery evaluation will start within an hour of receipt."

Listing Of Recoverable Files

"Once in the laboratory, your media will undergo a comprehensive data recovery evaluation to determine the extent of the data loss. We aim to complete this process within 24 hours depending on the complexity of work involved. The engineers will provide a no obligation recovery prognosis, with a guaranteed list of recoverable files and an estimated timescale. You can then decide whether to proceed with the recovery. Should you choose not to proceed, we will return your media by secure data courier."

Completing the Process

"Should you choose to proceed, the data recovery process will be completed and the data will be safely stored on our servers. We will then copy out the data to your preferred choice of output media - either 64Gb memory stick or HDD (for purchase or loan). Your data will be dispatched on our secure, next day courier service. Once you have received your data any copies of your data will be permanently and securely erased from our servers after 7 days."

Established and Trusted

"40 years experience in the data recovery industry chairing ISO and BSI standards, we have developed a reputation for excellence at a price that is affordable. With extensive data recovery research and development capabilities, our success rates are second to none - without compromising on our prices! This is why over 36,000 companies and individuals come to us every year."

Safeguarding Your Data

"Your data is important to us, which is why all our data recovery procedures comply with the Association of Chief Police Officers Guidelines and Civil Procedure Rules for handling electronic evidence. Great care is taken when recovering and handling your data to ensure that its integrity is maintained and that there is a clear audit trail through the entire data recovery process."

Industry Leading Diagnostics

"Our data recovery laboratory completes over 120 successful recoveries every day from clients including the British Petroleum, NHS and EDF Energy. With ISO 27000 (Information Security) and ISO 9001 (Quality Management) accreditation - we are a data recovery company you can rely upon! Class 100 clean rooms, specialised platter removal jigs and software applications allow us to provide the most comprehensive service in the industry."

"Absolutely fantastic"

"Absolutely fantastic customer service from a very professional, efficient and friendly team. They are great at communicating findings and keeping you up to date with recovering any lost data. We had a corrupt video file recovered using the express service and the work was completed very quickly. I highly recommend using Data Recovery Specialist and rate the service and experience a 10/10"
Will Lloyd
Five Star Review

"Service I received was great"

"The data recovery service I received was great. They were very clear from the outset about what may and may not be possible and what the cost would be. From my device being collected by a courier, to a new device being sent back to me only a matter of days later, they were in touch every step of the step way to let me know what was happening. "
Lucy Owen
Five Star Review

"I found the service easy use"

"I found the service easy use. The recovery of my data was carried out extremely efficiently. It wasn’t cheap but the cost included a new Hard Drive. The issue for me was the recovery of my photographs, some of which were really irreplaceable. Everything I needed was carried out and the data was returned to me on the new hdd in a manner that followed my own distribution."
Martyn Webster
Four Star Review

"Delivered in the timescales promised"

"The service from start to finish was excellent. Before contacting DRS I had been advised I needed their type of specialist service. The technical service and customer service was always top class, everything was delivered in the timescales promised. It was expensive but it recovered the irreplaceable and that, in its way, is priceless."
Martin Goff
Five Star Review

"I would definitely recommend them"

"My external hard drive failed and the local company I tried couldn't retrieve anything from it. I found Data Recovery Specialists through an online search and they responded to my initial query very quickly. I sent my hard drive to them and they were able to recover all my data very quickly, keeping me informed of what was going on the whole time. Great service and I would definitely recommend them."
Lorraine Bunce
Four Star Review

"Would recommend to anyone"

"Excellent service, I felt completely at ease sending my hard drive to be fixed with Data Recovery Specialists. Would recommend to anyone needing help salvaging their hard drives."
Jemima le Sueur
Five Star Review

"Helped me retrieve the data"

"I had a damaged external hard disk that my local computer shops were unable to repair. Data Recovery Specialist help me retrieve the data quick. It's not a cheap service but it works and the data recovered was far more valuable than the repair cost. "
Music Law Contracts
Four Star Review

"Quick and professional service"

"I had dropped my external while it was spinning so did huge amounts of damage. I contacted several companies and opted for DRS. They were very quick with communication, explained everything for someone who’s not terrifically technically minded and put it all in writing as well. Collection of my device was simple, the turn around time was quicker than I expected and they kept me informed right through the process. Really pleasant and professional company. If I do break something, they would be my first port of call, but I’m hoping I won’t!"
Alex West
Five Star Review

"Fantastic job"

"The guys did a fantastic job in recovering my very important data. My interaction with Daniel Rees was very good, he was honest with what he could do to recover my very important Data. I also found their customer service department especially Roger a pleasure to deal with. My only real concern is that I found the company to be too expensive, however I scored them a 5 star as they recovered 100% of my very important Data."
Richard Daniel
Four Star Review

"Recovered my precious data"

"The guys at Data Recovery were excellent, especially Daniel Rees and Roger from customer service, who throughout my interaction with them kept me informed and were honest with regards to what they could do to recovery my precious data. They were very expensive but I've given them 5 stars as they manage to recovery all 100% of my data."
Ricky Daniel
Five Star Review

"The best in data recovery"

"After a bad experience with my local computer shop who had my dead hard drive for a week and said the data could not be recovered, I sent my hard drive to Data Recovery Specialists. Rapid, amazing service. Had a report of files available in 24h and 100% of data was recovered from hard drive. These guys are the pros! "
Michael Paterson
Five Star Review

"The data recovery service was first rate"

"The data recovery service was first rate from start to finish. My hard drive was collected quickly by a pre arranged courier service and returned quickly in the same manner.I was kept informed by telephone at all parts of the recovery and all my data was returned.I can fully recommend this company to anyone."
Cecilia Gregson
Five Star Review

PAGES

Home
About
Services
Questions
Insights
Contact
Cookies Policy
Complaints Policy
Privacy Policy
Returns Policy
Data Protection Policy
Terms And Conditions

SERVICES

Hard Drive Recovery
RAID Recovery
SSD Recovery
USB Recovery
Virus Recovery
Android Phone Recovery
iPhone Recovery
Hard Drive Repair
SD Card Recovery
Computer Forensics
Tape Migration

GET IN TOUCH

Name

Email

Telephone

Message

0800 223 0162
sales@datarecoveryspecialists.co.uk

Embassy Offices, Stangate House, Stanwell Road, Penarth, Cardiff CF64 2AA

Southbridge House, Southbridge Place, Croydon CR0 4HA

272 Bath Street, Glasgow G2 4JR

Clavering House, Clavering Place, Newcastle Upon Tyne NE1 3NG

Rodney Chambers, 40 Rodney Street, Liverpool L1 9AA

2 King Street. Nottingham NG1 2AS

Enterprise House, Ocean Village, Southampton, SO14 3XB

Blackwell House, Guildhall Yard, London EC2V 5AE

Data Recovery Services Ltd
Registered Number 04417876
VAT Number 803 1178 66

Website by IT Pie – web design Cardiff

Contact Us!

To speak with one of our Sales Team call us on:
0800 223 0162
Alternatively enter your details below followed by your enquiry and one of our team will get back to you.

Quick Enquiry

Retrieve Encrypted Files from a CryptoLocker Infection