Cryptolocker Malware Decrypter
Locker is probably one of the worst pieces of malware “in the wild” today. It is a variant of the Cryptolocker family of malware, so-called ransomware, which encrypts the victim’s important files (such as photos and documents) based on file extension.
On May 30th,
The document describes the format used in the encrypted files so that one can decrypt the files, assuming that the encryption key is known.
Also a
containing all the RSA-keypairs and bitcoin addresses for ransom payments was posted on Mega
Dependencies
This tool requires Python 2 (tested with 2.7). Python 3 does not work, as someone would need to port rijndael.py.
- untangle
- pycrypto
How to decrypt files?
First you have to dig out either the RSA public key or the Bitcoin address from the victim’s computer. The files containing the relevant information typically reside in the C:\ProgramData\rkcl directory.
- data.aa0 – Contains list of encrypted files
- data.aa6 – Contains the bitcoin address
- data.aa7 – Contains the public key
Use either the RSA public key or the Bitcoin address to find the private key in the csv-file referred to above, and save it to the file private_key.xml:
grep [BITCOIN ADDRESS HERE] database_dump.csv | sed -e 's/.*,.*,//g' > private_key.xml
Then run the tool in a directory where you want to decrypt your files:
lockerdecrypter.py <private_key.xml> <directory_to_decrypt>
The tool automatically tries to determine which of the files were actually encrypted and which were not.
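For the key lookup step above, grep matches substrings and will silently write an empty or multi-row private_key.xml. The following is an added example (not part of the original post or of the locker_decrypter project), written for Python 3, that matches whole fields and insists on exactly one key. It assumes only what the sed expression implies, namely that the private key is everything after the last comma of a row; the function name and the sample rows are constructed for illustration.

```python
import io
import sys

# Constructed sample rows (not real data); assumed layout: address,public key,private key.
SAMPLE_DUMP = """\
1ConstructedAddrAAA,<pub>one</pub>,<priv>one</priv>
1ConstructedAddrAAAB,<pub>two</pub>,<priv>two</priv>
"""


def find_private_key(lines, identifier):
    """Return the private-key column of the one row that holds identifier."""
    identifier = identifier.strip()
    found = set()
    for line in lines:
        # Like the sed expression, treat everything after the last comma as the key.
        head, sep, private_key = line.rstrip("\r\n").rpartition(",")
        if not sep:
            continue
        fields = [field.strip().strip('"') for field in head.split(",")]
        if identifier in fields:  # whole-field match, unlike grep's substring match
            found.add(private_key.strip().strip('"'))
    if len(found) != 1:
        raise LookupError("expected exactly one key, found %d" % len(found))
    key = found.pop()
    if not (key.startswith("<") and key.endswith(">")):
        raise ValueError("matched row does not end in an XML document")
    return key


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: find_key.py <database_dump.csv> <address_or_public_key> <private_key.xml>")
    with io.open(sys.argv[1], encoding="utf-8", errors="replace") as dump:
        xml = find_private_key(dump, sys.argv[2])
    with io.open(sys.argv[3], "w", encoding="utf-8") as out:
        out.write(xml + "\n")
```

With the sample rows, a plain grep for the first address would also return the second row, because the first address is a prefix of the second.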
Cryptolocker Malware Decrypter on GitHub
git clone https://github.com/mikatammi/locker_decrypter.git