BitCryptor has encrypted my files. I have backups of mostly all my files. But I'm curious if I can decrypt my files without paying the ransom.

Arjan
jortiexx
  • Sorry but there's no way I'm following a link to an obfuscated URL in a question that's asking about ransomware. – David Richerby May 12 '15 at 10:08
  • @DavidRicherby - the URL is a picture, it's safe. OP: Without backups = no chance. – Kinnectus May 12 '15 at 10:09
  • It's unlikely you can access your files without paying to decrypt them. The original files are destroyed and the encryption used, as stated in their own text, is AES-256, which isn't crackable. This is a new variant of Cryptolocker. You can read more on the Bitdefender site: http://labs.bitdefender.com/2013/10/cryptolocker-ransomware-makes-a-bitcoin-wallet-per-victim/ – Nikewatch May 12 '15 at 10:25
  • Possible duplicate of [Excel,word,pdf files got encrypted by ransomware](http://superuser.com/questions/723600/excel-word-pdf-files-got-encrypted-by-ransomware)? – Karan May 12 '15 at 20:58
  • Not a duplicate. Completely different ransomware. – Lawrence May 13 '15 at 02:01
  • Possible duplicate of [How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?](http://superuser.com/questions/100360/how-can-i-remove-malicious-spyware-malware-adware-viruses-trojans-or-rootkit) – fixer1234 Sep 14 '16 at 00:57

2 Answers

Small chance it's related (but the screenshot looks alike) and even then: very small chance this will help. But the Dutch government and Kaspersky Lab have found some decryption keys for "CoinVault ransomware" that is worthwhile to know about; see https://noransom.kaspersky.com:

> Are you a ransomware victim? The National High Tech Crime Unit (NHTCU) of the Netherlands’ police, the Netherlands’ National Prosecutors Office and Kaspersky Lab have been working together to fight the CoinVault ransomware campaign. During our joint investigation we have been able to obtain data that can help you to decrypt the files being held hostage on your PC. We provide both decryption keys and the decryption application. For more information please see this how-to. Please note that this is an ongoing investigation and new keys will be added in the future.

Just in case in the future more keys are recovered: when copying the encrypted files also make sure you copy the Bitcoin wallet address, as that will be needed to search for decryption keys.

Arjan
  • @Arjan - Sadly, CoinVault and this ransomware are different enough that finding decryption keys for CoinVault won't be helpful to the user. – Ramhound May 12 '15 at 10:58
  • Also, @Ramhound, only a limited number of keys have been recovered. (Still then, it's good to make future visitors aware of the small chance, though I guess victims of new hijackings will not benefit from keys that were found in the past either...) – Arjan May 12 '15 at 11:25

Unfortunately, there is no way to decrypt files encrypted by BitCryptor. This is a CoinVault variant that uses AES encryption. The keys are generated and stored on the C2 server.

I did a full writeup on this ransomware today:

http://www.bleepingcomputer.com/forums/t/575991/bitcryptor-ransomware-in-the-wild-from-the-same-creators-as-coinvault/

Lawrence