Where can I get a sample of cryptolocker

articuno

Thread author
Feb 3, 2015
Hey everyone,

I have been searching the internet for a while for a sample download of the Cryptolocker ransomware. I would like to test it out on my virtual machine and then try to decrypt my files using the site decryptcryptolocker.com. Does anyone have an idea where I can get my hands on it? Thanks in advance.
 
It is not possible to decrypt your files with decryptcryptolocker.com unless the files were encrypted before August 2014.
 
So you're saying it cannot work? I thought cryptolocker has the same source code throughout the years.
 
I saw this site on Google:
trlabs[dot]wordpress[dot]com/tag/cryptolocker-sample-download
Is this the one? I highly doubt it is.
 
Arti, as has been stated above, this site is of no value anymore. It was useful for a specific CryptoLocker strain which was in the wild in early 2014. This particular encryptor was of the original type, in which the malware connected to a C&C to generate a unique decryption code prior to encryption occurring on the victim's computer.

At that time a company called Mandiant (now part of FireEye) tracked down the main C&C server and along with police launched Operation Tovar (which also targeted the Gameover ZeuS). Long story short is that Mandiant was able to break into the servers before the database of specific decrypt keys was wiped (and the C&C network was shut down), and this is what was used on the website decryptcryptolocker.com.

Basically it just used the liberated database for this specific malware version to match the victim's lifted email with the decrypt code found there, so it isn't of any value for anything else.
 
Alright it took me a while to find it but here it is:
Code:
https://www.grc.com/malware.htm

It has 5 versions of Cryptolocker. The newest version is much more dangerous than the original. I tried the newest version on a VM and decryptcryptolocker.com didn't work. It also demanded a ransom of 5 bitcoins, which is equivalent to 1.1k USD. For those of you who wanted to test it, use extreme caution as there is no known decryption for it.
 
Also, I already tried the original version and it didn't work, even with an internet connection, probably because their servers have already been taken down.
 