Dr.Web quietly decrypting TorrentLocker for paid customers or distributors


56 replies to this topic

#46 rpoll

  • Members
  • 2 posts

Posted 01 January 2016 - 04:01 PM

I have procured new torrentlocker encrypter samples (encoder.761).

Where can they be downloaded?





#47 crisis2k

  • Members
  • 121 posts

Posted 01 January 2016 - 04:15 PM

 

> I have procured new torrentlocker encrypter samples (encoder.761).
>
> Where can they be downloaded?

It is only for researchers. Are you one of the researchers?

The risk is your own. Do you wanna download encoder.761 encrypters for research?

Happy New Year rpoll.


:welcome: My Name is Philip You Can Call Me Phil
Thank You I'll be there anytime you need help :rolleyes:


#48 rpoll

  • Members
  • 2 posts

Posted 01 January 2016 - 07:31 PM

 

 

>> I have procured new torrentlocker encrypter samples (encoder.761).
>>
>> Where can they be downloaded?
>
> It is only for researchers. Are you one of the researchers?
>
> The risk is your own. Do you wanna download encoder.761 encrypters for research?
>
> Happy New Year rpoll.

Oops, I read decrypter...



#49 xXToffeeXx

  • Malware Response Instructor
  • 6,088 posts

Posted 02 January 2016 - 06:16 AM

Any new samples should be uploaded here, so the staff can look into them.
 
xXToffeeXx~


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#50 crisis2k

  • Members
  • 121 posts

Posted 13 January 2016 - 09:29 PM

I'm introducing the current Dr.Web Encoder Service.

They wrote this:

> to decrypt files compromised by a Trojan.Encoder (Cryptolocker, Cryptowall, Reveton) program that has demanded a ransom from you to decrypt them.

But this is a lie; they can only try to decrypt encoder.760 (old TorrentLocker).
They can't decrypt any other ransomware, even encoder.761 (current TorrentLocker).
Of course they can't try to decrypt CryptoWall 3.0, 4.0, or the Tesla family, except for just one kind of old TorrentLocker (AES).

I asked about decryption of CryptoWall 3.0/4.0 and they said:

> Unfortunately, decryption is not feasible.
> We are unable to help you to unlock enciphered files. Sorry.
> Best regards, Aslan Kunashev
> technical support department, Doctor Web, Ltd.

I asked about decryption of the current TorrentLocker (Encoder.761) and they said:

> We are unable to decrypt your files.
> So sad, but this is a final resolution.
> Best regards, Mike Kolyadko,
> technical support department, Doctor Web, Ltd.

Also, they can't try to decrypt any of the TeslaCrypt family.

I asked about decryption of the old TorrentLocker (the only one they can try to decrypt) and they said:

> Dear customer,
>
> Free decryption is possible only if our antivirus was installed at your PC at the moment of infection.
>
> Your report says that you didn't use our antivirus when encryption occurred.
> For clients who didn't have our license installed at the moment of infection, we have developed special product - Rescue Pack.
> The packet includes decryption service and a two-year Dr.Web Security Space license for 1 PC.
>
> Price for Rescue Pack: 150 EUR + VAT
> You may buy Rescue Pack here: https://drw.sh/kildpv
>
> Kind regards,
> Kakusha Marina
> Specialist of International Sales Department
> Doctor Web, Ltd.
> 125124, Russia, Moscow, 3d street Yamskogo polya 2-12A
> Tel.: +7 (495) 789 45 87

They are demanding 150 EUR + VAT.
They don't even offer the encoder service for paid Security Space users anymore.

I have confirmed their encoder service has failed for all kinds of ransomware except encoder.760 (old TorrentLocker).
They can't even try to decrypt encoder.761 (current TorrentLocker).
I have also confirmed that encoder.760 is no longer prevalent.

If you got hit by ransomware, then I don't recommend Dr.Web for decryption.
If you got hit by TorrentLocker, then you have to distinguish between encoder.760 and encoder.761.
If it is encoder.761, then you can't get help from Dr.Web.
If it is encoder.760, then you can pay 150 EUR + VAT for the Dr.Web service.

Edited by crisis2k, 14 January 2016 - 02:51 AM.



#51 afroon

  • Members
  • 2 posts

Posted 10 November 2016 - 03:23 PM

I know this is a little belated, but I just successfully used Dr Web to decrypt thousands of photos after getting the Crypt0L0cker virus. This thread led me to their website, bit the bullet and did it. Cost me ~$250, instantly gave me a response and after paying, instantly sent through the decryption tool with my specific key.

I know my post is a little sus because I joined just to tell you all this, but take it or leave it. Happy to attach screenshots/email chain.

 

Cheers

a



#52 quietman7

  • Global Moderator
  • 62,063 posts

Posted 02 December 2016 - 08:41 PM

Welcome to Bleeping Computer.

Glad to hear you were successful and I'm sure other victims appreciate knowing about it.

For other readers...Updated policy from Dr.Web (11/25/15): Free file decryption assistance only for PCs protected by Dr.Web at the moment of infection

> ... free decryption services are only available for owners of active Dr.Web commercial licenses, the only amendment now being that the license must have been purchased before, not after the infection has been caused by encryption ransomware.

If you're not a licensed user for a Dr.Web product you will have to pay for their services.

Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief


#53 gandlz

  • Members
  • 4 posts

Posted 05 December 2016 - 12:42 PM

> I know this is a little belated, but I just successfully used Dr Web to decrypt thousands of photos after getting the Crypt0L0cker virus. This thread led me to their website, bit the bullet and did it. Cost me ~$250, instantly gave me a response and after paying, instantly sent through the decryption tool with my specific key.
>
> I know my post is a little sus because I joined just to tell you all this, but take it or leave it. Happy to attach screenshots/email chain.
>
> Cheers
>
> a

Hello afroon,

I am also thinking about contacting Dr. Web with my problem.

But it seems that I have a pretty new version of Crypt0L0cker which uses a random 6-character file extension now. What extension did you have?

Thanks

Gandlz



#54 quietman7

  • Global Moderator
  • 62,063 posts

Posted 05 December 2016 - 03:16 PM

@ gandlz

Unfortunately, Dr.Web has been the only vendor which has had success with decryption of previous variants. If they cannot assist with the new variant, then there may be no solution. If you have further questions, comments or need assistance, please post in the Crypt0L0cker Ransomware Support & Discussion Topic.



#55 afroon

  • Members
  • 2 posts

Posted 05 December 2016 - 08:01 PM

Hi Gandlz, the extension I had was .encrypted

 

I was talking to another guy who specializes in recovery, and he was asking about the different file extensions - but wasn't an issue for me. Anyway, they can crack the decryption based on the file type, just need to run it several times for each (or so I assume)...

 

If you want to check them out, website is www.fastdatarecovery.com.au

 

The only reason I didn't use these guys is because of the price difference with Dr Web

 

Hope this helps!



#56 gandlz

  • Members
  • 4 posts

Posted 20 January 2017 - 11:06 AM

Just want you to know that Dr. Web did the job!

 

Thanks,

Gandlz



#57 quietman7

  • Global Moderator
  • 62,063 posts

Posted 20 January 2017 - 11:27 AM

We are always glad to hear a success story.
