After opening a malicious attachment in an email sent by cybercriminals, your files may crypted by the ransomware named Cryptolocker.
The Crypt0L0cker ransomware encrypts all files on your computer by adding either a random extension of 6 characters after the name of the file and other times extensions defined as .encrypted and .vendeta. It leaves ransom note files named DECRYPT_INSTRUCTIONS.html and DECRYPT_INSTRUCTIONS.txt with the instructions to explain victims how to pay a ransom to hackers to get their data recovered.
Our decryption experts with the help of Dr.Web often manage to recover files after encryption by Cryptolocker ransomware.
To request a decryption of your compromised files by the Crypt0L0cker ransomware, please contact our decryption service at firstname.lastname@example.org by sending with www.wetransfer.com :
HOW_TO_RESTORE_FILES.txt | HOW_TO_RESTORE_FILES.html or _READ_THIS_FILE_xxx.txt | !#_RESTORE_FILES_#!.inf DECRYPT_INSTRUCTIONS.txt | DECRYPT_INSTRUCTIONS.html or _xx_HOWDO.txt, etc...
This service is free of charge for infected machine running with a Dr.Web antivirus license at the time of encryption. For computers equipped with another IT security solution, a contribution to the analysis and decryption costs may be requested only if the complete decryption of the files is feasible. Do not hesitate to contact our decryption service at email@example.com.
French version of this article : click here.
Formulaire de contact pour les ransomwares : https://adc-soft.com/decryptage/ransomware.php
ADC-Soft | 18bis, rue de l'Est - 92100 Boulogne-Billancourt (France)
Partenaire officiel de Dr.Web | Twitter: @Emm_ADC_Soft