I wish you luck (sounds like you're going to need some)! Since AES and 3DES are symmetric encryption methods, the same randomly-generated key that was used to encrypt the file is also used to decrypt the file. Using the private key to decrypt that encrypted key value would then get you the key used to encrypt the file in the first place. The value of that key is what I suspect is the encrypted value of the random key that was used in encrypt the file in the first place. If my suspicions are correct, this key will be listed in the windows registry under HKEY_CURRENT_USER\Software\CryptoLocker\Files (further detail on Cryptlocker can be found here: Opens a new window ,) The registry entry you're looking for will be named the same as the full path of the file but with question marks (?) in place of the backslashes (\). If you truly have the private key, then you will need to get your hands on the encrypted random key used to encrypt the file. They've been suggesting online not to pay it (probably because the people the money is going to are likely pretty shady characters which will use it towards not very nice ends), but it looks like you didn't have much choice in the matter.įrom what I've read, Cryptolocker uses a RSA-1024 key to encrypt the randomly-generated key that is used to actually encrypt a given file using another separate encryption algorithm (sites I read have mentioned using either the AES or 3DES, think it depended on the specific strain Cryptlocker). Sorry to hear that circumstances led you to having to pay the ransom.
0 Comments
Leave a Reply. |