Go to the fireye website to see if your version of
Cryptolockers key has been found https://www.decryptcryptolocker.com/
Upload an unlockable file and wait for the email
with the encryption key to be sent. Paste the encryption key into the key parameter
for the script.
Save the script and the decryptolocker.exe command
in the same folder path.
Change the parameter for the fileserver to match the
effected directory
This script will traverse directories and parse through all items which match
the encryption key, create a backup and then restore the file. Make sure you
have adequate room on your fileserver to hold twice the amount of data.
If all the files are not successfully decrypted it is likely your site was hit by multiple instances of Cryptolocker and a separate key will be needed for the additional files.
After the files are verified as successfully decrypted
go ahead and delete the backup copies.
$key = "-----BEGIN RSA
PRIVATE KEY----- Key from email Pasted here -----END RSA PRIVATE KEY-----
"
$list = (get-childitem "\\fileserver\user shares" | where {$_.PSIsContainer} | select-object FullName)
foreach ($_ in $list) { echo "Yes" | .\Decryptolocker.exe --key "$key" -r $_.FullName }
No comments:
Post a Comment