Locker developer releases private key database and 3rd party decrypter released


45 replies to this topic

#16 1LBitCoin

Posted 04 June 2015 - 01:23 PM

(...)

When I enter my BitCoin Address - 1H76CNN799h2nzZLhQhTs49UnfzytuWby - it comes up with message "Could not find your Key! Please check your BTC address and try again. If your address is right, you may not have this infection."

 

The database dump is not complete - it starts with bitcoin addresses 111... and ends with 1AH... (62703 bitcoin addresses in alphabetical order). So you will not find your 1H76.... there and the application will fail as well.

I am in even bigger trouble as my bitcoin address starts with 1L... :-)
Fortunately, most of my encrypted files are movie clips, which are quite big files, and that stupid encryptor destroys only the header and a few seconds of the mp4 or MTS file - the untouched video and audio streams are still there.

I have restored nearly all of my important recordings. It is even possible to restore 95 - 100% of the picture in RAW format. The real problem is with documents and project files which are encrypted as a whole...
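
The distinction made in the post above (an address that is mistyped, one that is missing from a range the dump does cover, and one that lies beyond where this copy of the dump stops), as an added example that is not part of the original thread or of the decrypter. It assumes the dump is ordered by plain character code; the function names and the synthetic sample addresses are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(body):
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]

def b58check_encode(payload):
    """Used here only to build constructed sample addresses."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_valid(addr):
    """True if addr decodes to 25 bytes with a correct Base58Check checksum."""
    if not addr or any(ch not in B58 for ch in addr):
        return False
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]

def classify_lookup(address, dump_addresses):
    """Explain a lookup miss instead of reporting a bare 'not found'."""
    addr = address.strip()
    if not b58check_valid(addr):
        return "malformed"              # mistyped: no conclusion possible yet
    known = set(dump_addresses)
    if addr in known:
        return "found"
    # Assumption: the dump is ordered by plain character code.
    if known and min(known) < addr < max(known):
        return "absent_within_range"    # covered range: probably another family
    return "outside_dump_range"         # this copy of the dump stops too early

if __name__ == "__main__":
    # Constructed sample data: eight synthetic addresses, not from any real dump.
    addrs = sorted(b58check_encode(b"\x00" + bytes([i]) * 20) for i in range(1, 9))
    dump = addrs[:3] + addrs[4:7]       # one gap inside, one address past the end
    for query in (addrs[0], addrs[3], addrs[7], addrs[3][:-1]):
        print(query, "->", classify_lookup(query, dump))
```
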
 




 


#17 sameer.sattar

Posted 04 June 2015 - 04:30 PM

Thank you for your reply, much appreciated. So will I ever be able to decrypt my data? Are we waiting for the database dump to be updated?   :scratchhead:



#18 1LBitCoin

Posted 05 June 2015 - 04:20 AM

Thank you for your reply, much appreciated. So will I ever be able to decrypt my data? Are we waiting for the database dump to be updated?   :scratchhead:

 

Well, you should always archive your important but encrypted files as it might be possible to decrypt them someday. Keep the bitcoin address safe as well.
Verify which version of cryptolocker was used to encrypt your files. That was Crypt0L0cker in my case which is the newest one described here:
http://www.bleepingcomputer.com/forums/t/574608/crypt0l0cker-support-topic/

They now get money but do not give any working decryptor.

That is why my bitcoin address is not included in the database dump of the above locker.
 



#19 rajbabu5

Posted 07 June 2015 - 07:22 AM

Thank you.

I have a problem. I have this locker but my bitcoin address is not found. I searched pastebin for my address 12YZPnfaPoRxHVhKtkTQUk8ea5BKoSvUx9

and found this:

http://pastebin.com/nRZak5kp

How do I decrypt? :( I have 40k files locked.

 

Sorry for bad english.



#20 NickAu

Posted 07 June 2015 - 03:45 PM

Here's more about it.

 

 

Soon after the hacker posted the database, Nathan Scott, a member of the online forum, BleepingComputer.com, designed a tool to easily decipher the affected files. At least some of the files were able to be unlocked as reported by various members of the forums.

According to Lawrence Abrams, a member of BleepingComputer.com, an uplifting message is displayed on the victim’s computer when the files are deciphered.
The message read “I’m sorry about the encryption, your files are unlocked for free. Be good to the world and don’t forget to smile”, according to multiple victims.

“I’m sorry about the encryption, […] Be good to the world and don’t forget to smile.”

http://www.techworm.net/2015/06/hacker-gives-ransomware-victims-their-files-back-due-to-sudden-change-of-heart.html


"When God shuts a Window, he opens a Linux." —Linus 8:7

 

 

 

 


#21 Sintharius

Posted 07 June 2015 - 04:27 PM

The line from a victim at the end of the article is also quoted from someone here at BC.

#22 Aura

Posted 07 June 2015 - 07:22 PM

According to Lawrence Abrams, a member of BleepingComputer.com


Grinler is simply a "member" of BleepingComputer? :P



#23 Karam S P

Posted 07 June 2015 - 11:05 PM

I just ended up trying this. So far so good, I mean I actually have tears of joy.......

I am going to make a handsome donation to you, the developer of this Decrypter!!

Thank you so much.....

Very simple and easy tutorial to follow..

 



#24 NickAu

Posted 07 June 2015 - 11:17 PM

 

Grinler is simply a "member" of BleepingComputer?

Yes we took a vote and demoted him. :hysterical:



 

 

 

 


#25 Aura

Posted 08 June 2015 - 05:23 AM

This is a Coup d'État, conspiracy! :P



#26 saleanddeal

Posted 08 June 2015 - 05:47 PM

I do not have the Bitcoin Address.  When I use Brute BTC,  I get 'application stopped responding' message as well.



#27 saleanddeal

Posted 08 June 2015 - 06:13 PM

How do I get the Bit Coin Address?



#28 saleanddeal

Posted 08 June 2015 - 07:14 PM

I don't think I have the locker.  I have a readme.txt left with 

 

 

Ваши файлы были зашифрованы.

Чтобы расшифровать их, Вам необходимо отправить код:

8sdfsfsff4FD8B40A23E|0

на электронный адрес decodefile01@gmail.com или decodefile02@gmail.com .

Далее вы получите все необходимые инструкции. 

Попытки расшифровать самостоятельно не приведут ни к чему, кроме безвозвратной потери информации.

 

 

All the important files on your computer were encrypted.

To decrypt the files you should send the following code:

8sdfsfsff4FD8B40A23E|0

to e-mail address decodefile01@gmail.com or decodefile02@gmail.com .

Then you will receive all necessary instructions.

All the attempts of decryption by yourself will result only in irrevocable loss of your data.


Edited by saleanddeal, 08 June 2015 - 07:15 PM.


#29 JerryDanish

Posted 09 June 2015 - 08:46 PM

Hello team,

 

Yeah, I was hit by this also and need some help recovering. Please see the below. So I have no idea where to find my bitcoin address, and if I use the Brute BTC the program crashes. The site below is always unreachable. Any help is much appreciated.

 

 

YOUR PERSONAL FILES ARE ENCRYPTED BY CTB-LOCKER...

 

 

Text File:

 

Your documents, photos, databases and other important files have been encrypted
with strongest encryption and unique key, generated for this computer.

Private decryption key is stored on a secret Internet server and nobody can
decrypt your files until you pay and obtain the private key.

If you see the main locker window, follow the instructions on the locker.
Overwise, it's seems that you or your antivirus deleted the locker program.
Now you have the last chance to decrypt your files.

Open http://43qzvceo6ondd6wt.onion.cab or http://43qzvceo6ondd6wt.tor2web.org
in your browser. They are public gates to the secret server.

If you have problems with gates, use direct connection:

1. Download Tor Browser from http://torproject.org

2. In the Tor Browser open the http://43qzvceo6ondd6wt.onion/
   Note that this server is available via Tor Browser only.
   Retry in 1 hour if site is not reachable.

Copy and paste the following public key in the input form on server. Avoid missprints.
UWKGOWW-ELZPQ5N-6KLQY7N-4TFCVKI-PECCJRW-764CMQT-GJKKJ73-PUUWJCV
L6I4MIO-MAZ3QO7-73ZU5C4-GVHZLEW-KHOFZIN-GT3YN32-XP6WL5J-7WYSGRP
A3KGGBJ-BDADG26-LEMR7DJ-SLJCAXO-BJZ2IKO-PCSVLD5-N4SK2G3-XXDX2L6


Follow the instructions on the server.

 

 

Typical files now bwaska:

 

 

 



#30 Sintharius

Posted 10 June 2015 - 02:53 AM

Hello JerryDanish,

What you have is CTB-Locker, not Locker.

Please see the following information from Global Moderator quietman7.

The newest variants of CTB-Locker typically encrypt all data files and rename them as a file with a 6-7 length extension with random characters. The newer variants also do not always leave a ransom note if the malware fails to change the background, like it generally does. Compounding matters, the newer CTB-Locker infection has been seen in combination with KEYHolder, TorrentLocker (fake Cryptolocker) or CryptoWall ransomware. Unfortunately, there is still no known method of decrypting your files without paying the ransom and with dual infections, that means paying both ransoms.

A repository of all current knowledge regarding this infection is provided by Grinler (aka Lawrence Abrams), in this tutorial: CTB Locker and Critroni Ransomware Information Guide and FAQ

There is also an ongoing discussion in this topic: CTB Locker or DecryptAllFiles.txt Encrypting Ransomware Support & Discussion. Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.





