Dear friend, it has been some time since the last update, but I want to ask if somebody knows whether it is still not possible to unlock the files from this kind of ransomware?
I still have the data from 2017 backed up, in case of some new possibilities.
This is the text from the note:
Your personal files encryption produced on this computer: photos, videos, documents, etc.
Encryption was produced using a unique public key RSA-2048 generated for this computer.
To decrypt files you need to obtain the private key.
If your time is up, or you or your antivirus deleted CryptoLocker from your computer,
and you do not see CryptoLocker window - the latest copy of the key remains our support.
To obtain the private key for this computer, you need pay 0.7 Bitcoin (~685 USD)
All crypto malware ransomware use some form of encryption algorithms and most of them are secure. Thus, the possibility of decryption depends on what algorithm the creator utilized for encryption, the type and strength of encryption, the thoroughness of the malware creator, discovery of any flaws and sometimes just plain luck. Reverse engineering the malware itself does not guarantee experts will be able to crack it especially if there isn't a known flaw. Without the master private RSA key that can be used to decrypt your files, decryption is impossible. That usually means the key is unique for each victim and generated in a secure way that cannot be brute-forced.
Brute forcing involves systematically checking all possible key combinations until the correct key or password is found. The key length used in the encryption determines the practical feasibility of performing a brute-force attack...longer keys are exponentially more difficult to crack than shorter ones. Brute forcing the decryption key is not a feasible option (not possible) with current technology and quantum computers, due to how the keys are generated using complicated math operations, an infinite number of possibilities to try and the length of time required to break an RSA or AES encryption key.
Ransomware Encryption: The math, time and energy required to brute-force an encryption key
"...reverse engineering...without having discovered a flaw would require access to a quantum computer that is capable of running Shor's algorithm. The highest number ever factorized using said algorithm and quantum computers is 21, which is just short of the 307 digits that would be required to break Dharma."
According to Doctor Web’s statistics, the probability of restoring corrupted files is roughly 1%...That means that most of user data has been lost for good!
Hi. On 12/22/2016 I caught the PClock virus; I don't know which version. I reinstalled Windows. What can I do now to recover the files and find out which version of PClock it was? I guess version 3 or 4.
PClock (and PClock2) is a Cryptolocker copycat that does not append an obvious extension to the end of encrypted data filenames, use a filemarker or always leave a ransom note making it difficult to identify. If PClock drops a ransom note, it will have names like Your files are locked !.txt and Your files are locked !!!!.txt. When PClock encrypts data, it will store the list of encrypted files and malware executables locally in the following locations.
%APPDATA%\WinDsk\windsk.exe – The malware executable
%APPDATA%\WinDsk\windskwp.jpg – The wallpaper generated by the malware
%DESKTOP%\CryptoLocker.lnk – A shortcut to the malware executable
%USERPROFILE%\enc_files.txt – The list of encrypted files
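When the profile folder survives only in a backup, as after a reinstall, the locations listed above can be checked offline. The following is an added example, not part of the original post or of any tool mentioned in the thread; `find_ci` and `scan_profile` are names made up here, and it assumes %APPDATA% is `AppData\Roaming` and %DESKTOP% is `Desktop` inside the profile, and that ransom note names start with "Your files are locked".

```python
import os
import sys
import tempfile

# Paths from the post, relative to a profile; assumes %APPDATA% = AppData/Roaming, %DESKTOP% = Desktop.
ARTIFACTS = {
    "AppData/Roaming/WinDsk/windsk.exe": "malware executable",
    "AppData/Roaming/WinDsk/windskwp.jpg": "wallpaper generated by the malware",
    "Desktop/CryptoLocker.lnk": "shortcut to the malware executable",
    "enc_files.txt": "list of encrypted files",
}
NOTE_PREFIX = "your files are locked"  # assumed common start of ransom note names


def find_ci(base, rel_path):
    """Resolve rel_path under base ignoring case (backup disks may be case-sensitive)."""
    current = base
    for part in rel_path.split("/"):
        try:
            current = next(os.path.join(current, n) for n in os.listdir(current)
                           if n.lower() == part.lower())
        except (OSError, StopIteration):  # unreadable folder or no such entry
            return None
    return current


def scan_profile(profile_dir):
    """Return sorted (description, path) pairs for PClock artifacts in one profile."""
    hits = []
    for rel_path, description in ARTIFACTS.items():
        found = find_ci(profile_dir, rel_path)
        if found and os.path.isfile(found):
            hits.append((description, found))
    for root, _dirs, files in os.walk(profile_dir):  # ransom notes can sit anywhere
        for name in files:
            if name.lower().startswith(NOTE_PREFIX) and name.lower().endswith(".txt"):
                hits.append(("ransom note", os.path.join(root, name)))
    return sorted(hits)


if __name__ == "__main__":
    demo = tempfile.mkdtemp()  # constructed sample profile, used when no path is given
    os.makedirs(os.path.join(demo, "appdata", "roaming", "windsk"))
    open(os.path.join(demo, "appdata", "roaming", "windsk", "WINDSK.EXE"), "w").close()
    open(os.path.join(demo, "Your files are locked !.txt"), "w").close()
    for profile in sys.argv[1:] or [demo]:
        for description, path in scan_profile(profile):
            print(f"{description}: {path}")
```

Pass one or more profile folders from the backup as arguments; an empty result only means none of these particular artifacts were preserved.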
But what does the enc_files.txt list look like, can I try to create it myself manually? I probably won't find a ransom note because I reinstalled Windows.
Every file the malware tries to encrypt is recorded within a file named “enc_files.txt” located in the victim’s profile folder.
There is ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.