BitCryptor has encrypted my files. I have backups of mostly all my files. But I'm curious if I can decrypt my files without paying the ransom.
Asked
Active
Viewed 1,072 times
2 Answers
1
Small chance it's related (but the screenshot looks alike) and even then: very small chance this will help. But the Dutch government and Kaspersky Lab have found some decryption keys for "CoinVault ransomware" that is worthwhile to know about; see https://noransom.kaspersky.com:
Are you a ransomware victim? The National High Tech Crime Unit (NHTCU) of the Netherlands’ police, the Netherlands’ National Prosecutors Office and Kaspersky Lab have been working together to fight the CoinVault ransomware campaign. During our joint investigation we have been able to obtain data that can help you to decrypt the files being held hostage on your PC. We provide both decryption keys and the decryption application. For more information please see this how-to. Please note that this is an ongoing investigation and new keys will be added in the future.
Just in case in the future more keys are recovered: when copying the encrypted files also make sure you copy the Bitcoin wallet address, as that will be needed to search for decryption keys.
Arjan
- 31,511
0
Unfortunately, there is no way to decrypt files encrypted by BitCryptor. This is a CoinVault variant that uses AES encryption. The keys are generated and stored on the C2 server.
I did a full writeup on this ransomware today:
Lawrence
- 68