[Pontas]

Hello! It is possible to recover after crypt0l0cker ransomware attack? My wife's laptop was hit yesterday and now all family photos and videos are locked. As I understood there are for at least 2 ways - to pay hackers and not to pay? No other way out? And it is safe to pay hackers? Can they dupe me?

[tgp]

We have gotten computers in at work that were hit with Cryptolocker. I don't recall any of our customers ever choosing to pay the ransom. From what I've heard, it is a crapshoot as to whether or not they will actually unlock them for you even when you pay the ransom. It might work; it might not.

It is easy enough to reinstall Windows to get rid of the virus on the machine, but obviously this doesn't help with data recovery.

[zocster]

https://www.bleepingcomputer.com/for...ed-your-files/

Go through that, definitely don't pay, invest in some protection instead, for future.

[AndyCalling]

WARNING! If you pay, the hackers will almost certainly let all their chums know you are a soft touch and you will become a target for every hacker who uses the same forums the current holes who are giving you grief use. NEVER pay people who extort money out of you because, whatever they are holding over you, you'll never be able to stop paying. That's how extortion works.

[midnightfrolic]

It is a hit or miss with paying the random. Best bet is to cut your losses and full restore. Take unit to reputable repair shop and ask them to check for shadow copies of your files. But that's rarely enabled. Even if so, not all files are copied.

Data recovery firm may be able to do it also.

[AndyCalling]

Originally posted by midnightfrolic
It is a hit or miss with paying the random. Best bet is to cut your losses and full restore. Take unit to reputable repair shop and ask them to check for shadow copies of your files. But that's rarely enabled. Even if so, not all files are copied.

Data recovery firm may be able to do it also.

No, it is not 'hit or miss'. Marking yourself out to be a victim now and in the future has no up side. It is simply 'miss or miss'.

Do not pay. The only way to recover your data is to guess their password. If they are inept then a dictionary attack may work, but I doubt it. Better to wipe, and recover data from your backup. If your data was not backed up then it was likely not valuable enough to matter, or you've learned a lesson and won't get caught without a backup again. Either way, this is the best outcome you can expect at this point.

[trstick1]

After you wipe the hard drive and reinstall the operating system, go to ransomfree.cybereason.com and download the free product RandomFree which blocks randomware virus.

[Pontas]

Thank you all for answers. I'll try to find data recovery professionals.
But I have one more question about manual removal guides like this - http://manual-removal.com/crypt0l0cker-2017/ from Google search. It is possible that SpyHunter tool can help to recover encrypted files? Or it is another fraud?

[zocster]

it's a fraud

[AndyCalling]

In all likelyhood there will be no way to get your data back via 'professional' or otherwise, unless you have a backup. Almost certainly this will be a public key encryption, which means that without the private key the criminals have, a 'professional' would need access to a major super-computer for a significant amount of time. And they still would probably fail. If you work for GCHQ then you might have an angle, but otherwise give up before some 'professional' takes a lot of money from you for an eventual lost cause. Horrible though it is, your data is gone. All you can do now is wipe and learn to keep backups. Sorry, but to say otherwise is to mislead. Forget suggested protection software, if you back up properly there's no point.