Quick CTB-Locker question. Ransomeware?

[Compman55]

I am working on a computer that got hit by the CTB-Locker ransomeware virus. The hard drive with all the personal data on it got encypted. Would there by any benefit in replacing the hard drive and storing the infected one for some day in the future that a decryption tool becomes avail? The info is not urgent right now, but if within 6 months to a year it could be recovered this would be preferred.

If there is absolutly no chance, I will just reformat.

 

[John Connor]

Hitman Pro might be able to recover the encrypted files, I think.

But if that doesn't work then I guess it wouldn't hurt keeping the contents of the drive around.

 

[Compman55]

What I am trying to get at, is I have two choices, format and reinstall. Or yank the drive and put it on a shelf, and install a new one. I would just like to know if there is likely to be a tool in the future. I do not study up on this stuff, so I don;t know the success rate of tools coming out in the future.

 

[compman25]

Hitman-Pro can't decrypt files encrypted by CTB, you might be able to use volume shadow copies of your files to restore them if CTB didn't delete them.

 

[TuSpockShakur]

I saw one of these infections today and was able to easily remove it. I was luckily able to recover the encrypted files using the "Previous Versions" method. The 1st link to "ListCWall 1.2" was able to identify all the encrypted files. The 2nd link goes in to detail about removal and file restoration.

http://www.bleepingcomputer.com/download/listcwall/

http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information#list

 

[Elixer]

I am working on a computer that got hit by the CTB-Locker ransomeware virus. The hard drive with all the personal data on it got encypted. Would there by any benefit in replacing the hard drive and storing the infected one for some day in the future that a decryption tool becomes avail? The info is not urgent right now, but if within 6 months to a year it could be recovered this would be preferred.

If there is absolutly no chance, I will just reformat.

No backups at all ?

Sure, there is always a chance that someone might have a decrypt tool available.
I guess it depends what version of the malware, and if they left a key on the HD already or not.

However, I wouldn't get my hopes up, consider it a lesson learned.

 

[MustISO]

I would format it and let it be a hard lesson for the user. Maybe next time they'll have a proper backup system.

 

[John Connor]

I would format it and let it be a hard lesson for the user. Maybe next time they'll use Sandboxie.

FTFY.

 

[Fardringle]

Sandboxie is not a fix for everything, and certainly is not a replacement for a good backup plan.

 

[Compman55]

CTB-Locker has won this hard drive!

System restore was turned off by default, and there were no previous volume shadow copies. I blame dell for this, it should be turned on by default. Most average users do not know to check this. I am quite certain this would have provided at least a partial recovery.

Hitman po = nothing
Various Cryptolocker decypter tools = nothing
Piriform Reccua = recovered gibberish
Photorec = recovered lots more gibberish

Overall this is the worst one I have worked with, and there are lots of people out there not backing up properly that are going to loose a liftime of data. Other ransomeware, malware, etc are just annoying. This is real!