Where can I get a sample of cryptolocker

articuno

New Member
Thread author
Feb 3, 2015
5
Hey everyone,

I was searching the internet a while ago for a sample download of the Cryptolocker ransomware. I would like to test it out on my virtual machine, then try to decrypt my files using the site decryptcryptolocker.com. Does anyone have an idea where I can get my hands on it? Thanks in advance.
 

Cch123

Level 7
Verified
May 6, 2014
335
It is not possible to decrypt your files with decryptcryptolocker.com unless the files were encrypted before August 2014.
 

articuno

New Member
Thread author
Feb 3, 2015
5
It is not possible to decrypt your files with decryptcryptolocker.com unless the files were encrypted before August 2014.
So you're saying it cannot work? I thought Cryptolocker had the same source code throughout the years.
 

articuno

New Member
Thread author
Feb 3, 2015
5
I saw this site on Google:
trlabs[dot]wordpress[dot]com/tag/cryptolocker-sample-download
Is this the one? I highly doubt it is.
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,144
Arti- As has been stated above, this site is of no value anymore. It was useful for a specific Cryptolocker strain which was in the wild in early 2014. This particular encryptor was of the original type, in which the malware connected to a C&C to generate a unique decryption code prior to encryption occurring on the victim's computer.

At that time a company called Mandiant (now part of FireEye) tracked down the main C&C server and along with police launched Operation Tovar (which also targeted the Gameover ZeuS). Long story short is that Mandiant was able to break into the servers before the database of specific decrypt keys was wiped (and the C&C network was shut down), and this is what was used on the website decryptcryptolocker.com.

Basically it just used the liberated database for this specific malware version to match the victim's lifted email with the decrypt code found there, so it isn't of any value for anything else.
 

articuno

New Member
Thread author
Feb 3, 2015
5
Alright, it took me a while to find it, but here it is:
Code:
https://www.grc.com/malware.htm

It has 5 versions of Cryptolocker. The newest version is much more dangerous than the original. I tried the newest version on a VM and decryptcryptolocker.com didn't work. It also demanded a ransom of 5 bitcoins, which is equivalent to 1.1k USD. For those of you who wanted to test it, use extreme caution as there is no known decryption for it.
 

articuno

New Member
Thread author
Feb 3, 2015
5
Also, I already tried the original version and it didn't work, even with an internet connection, probably because their servers have already been taken down.
 
