Crilock.A encryption removal

I was hit with this Trojan/virus – CRILOCK.A. It encrypted many files and I need to decrypt them. Has a method been found?

The Trojan came as an email attachment which looked like one I was expecting. It came through a Sonic TZ200 firewall with (McAfee) gateway anti-virus and through my computer with Microsoft’s Security Suite.

The MS Security Suite seems to have removed it but the files remain encrypted.

1 Response

  1. Buddy says:

    Good to hear that MS Security Suite was able to remove Crilock.A from your computer. With regards to encryption, I doubt if there is a way to decrypt affected files without having to buy the unlock code. As many experts said, Crilock virus is using an RSA type of encryption method where every victim has a unique code stored on attacker’s server.

    Technically speaking, your computer and attacker’s server needs to communicate in order t decrypt all files. Upon entering the code on your PC, it will connect to the remote server to verify if the code is assigned to your system. If it is, then the server will send back data to your computer and start the decryption process.

    With the method applied, you cannot use other victim’s code. Let’s just wait few more days or weeks and see if there are geniuses out there that can come out with the workaround without the need for the code.