How to recover CryptoLocker infected hard drive

CryptoLocker is a the malware which is very simple and disastrous, which is specially designed to infect computers running on Windows Operating System. Once your computer is infected by CrytoLocker, it encrypts all your data in the local storage, removable devices that are mounted on your PC and any mapped network drives using 2048-bit RSA public key cryptography, essentially rendering all the files unusable.

Until no one has discovered a way to recover the data that was encrypted by CryptoLocker. Researches like Fox-IT and FireEye has launched a website, which can recover the private encryption keys and Kyrus technologies for building an actual decryption engine which allow to decrypt their encrypted files for free.

How to recover CryptoLocker infected hard drive

  • Visit, to recover the  CryptoLocker infected files.
  • To find the decryption key, you need to submit encrypt file sample and enter email ID and such that the website can send the decryption keys and free application to decrypt encrypted files.
  • You need to upload the files which doesn’t  have sensitive information.
  • After uploading the encrypted files, website will process the encrypted files and finally gives you the decryption key with the download link of decryption program.
  • After receiving decryption key, launch decryption program and use the following command to decrypt the encrypted files.
    Decryptolocker.exe –key "<key>" <Lockedfile.doc>

But the drawback of this decryption program is, it doesn’t automatically decrypt all the files on your computer. This means that you have to encrypt the files one by one. But to encrypt the things automatically you need to know how to automate the things using Windows Powershell or batch scripting.

You may also like...