Location:
State:
Carrier
Country
Status

Encryption of personal files with CTB-Locker




So my friend has this problem and i would like to give him good advice.

Anyone here that had this problem before?

My friend is on Windows 10.

Thanks

jeff

Looks like your link is good advice. Remove the virus and restore your files from backup. If you haven't any backup you have to decide whether to risk paying the ransom or not as you can't decrypt the files. I wouldn't pay for sure.

Well Halasz,

He did take B-U's on another computer which is infected too.......

He also bought already another drive where everything has to be put on again, except his photo's of his children, which are gone.

Does not want to take the risk, that even formatting the drive would not erase everything.

Even System Restore did not work.

Jeff

That is really unfortunate. System restore wouldn't work, no - restore points only hold OS data - not backups of personal files. I'm afraid that there isn't really a solution. You wouldn't want your name on their list of people who pay ransoms I don't think.

Well Halasz,

i have enough back-ups taken everyday to avoid that.

But my friend did only take one....

It was a long shot to ask it , since he already had taken his pc to a store and they could not help him either.

But thanks

Jeff



So my friend has this problem and i would like to give him good advice.

Anyone here that had this problem before?

My friend is on Windows 10.

Thanks

jeff
Hi.
Here are instructions for removing CTB Locker.

Please be absolutely surethis is what you have, and not some other encryption software, because some of them have been cracked, and people have been able to get their files back without paying.

I would not pay any ransom. There is a good chance that you will just lose the money.

Please have your friend backup his encrypted files/photos to a spare drive and store it away, in case something breaks in the future. Find the threads at BleepingComputer which address his particular infection, read them thoroughly, and subscribe to them for future updates.

Install CryptoPreventto help thwart these encryption infections in the future, in addition to your normal anti-virus.

It appears that when CTB Locker encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you can may be able to use a file recovery software such as R-Studio or Photorec to recover some of your original files. It is important to note that the more you use your computer after the files are encrypted the more difficult it will be for file recovery programs to recover the deleted un-encrypted files.

Thanks Simrick,

yes i told him to use an external USB drive AND a USB-stick. He can plug in the stick, take the B-U, remove the stick.

So then he has 2 B-U's. He can let the B-U program run, to put his photo's and so one on the server he has. This as an extra.

No he is not going to pay and he showed me the problem.
It is the CBT Locker.


They should put them in jail for that.

Jeff

Thanks Simrick,

yes i told him to use an external USB drive AND a USB-stick. He can plug in the stick, take the B-U, remove the stick.

So then he has 2 B-U's. He can let the B-U program run, to put his photo's and so one on the server he has. This as an extra.

No he is not going to pay and he showed me the problem.
It is the CBT Locker.


They should put them in jail for that.

Jeff
Hi Jeff,
Did you see the info in my post #7 above? He may be able to run a file recovery program to get some of his deleted files back. It's worth a shot.

Yeah, these rats should be in jail!

Not that it helps now, but in the future consider making a system image on a regular basis & keep it on an external drive that is not always connected to the PC/Laptop. Locker viruses are widespread now & the a system image is a good safeguard. Keep 3 or 4 prior backups in case you inadvertently make one with a virus.

System Image - Create in Windows 10 - Windows 10 blog

Even if you do pay the ransom, there is no guarantee you will get the decryption key.

Encryption of personal files with CTB-Locker