FireEye and Fox-IT tool can help recover Crilock-encrypted files


Since file-encryption ransomware Crilock (also called CryptoLocker) has reared its head, the security industry has been hard at work finding ways to mitigate and neutralize these threats. We’ve also been hard at work finding ways to recover from the encryption and restore affected files – such as our recommendations on using version control and recovery options in SkyDrive and Windows.
This week, researchers from FireEye and Fox-IT have released a tool that may be able to recover files encrypted by Crilock – without having to pay the malware authors.
It’s important to note that the tool comes on the heels of a takedown of a Zeus/Gameover CnC server that was previously being used to authenticate and generate the encryption keys. This means the tool can only provide decryption keys for files that were encrypted by keys generated by that server. In other words, the tool comes with a caveat: it may not work in all instances.
Ultimately, however, it’s still worth a try when you’ve tried everything else, and we want to share as many options and techniques to recover and protect your systems as possible
The tool, created as a collaboration between FireEye and Fox-IT, is hosted at www.decryptcryptolocker.com (note that you’ll need to consent to their Terms of Use and Privacy Policy; Microsoft doesn’t own or operate the tool and we won’t be able to help you if it doesn’t work).
The user uploads an encrypted file (it probably makes sense to use something without sensitive information or data) to the recovery portal, which searches for a matching private key from the database. If there is a match, the user receives an email with the actual private key which they can use to in a stand-alone command-line tool to decrypt each encrypted file on their own.
File upload
Figure 1: Uploading a file to their online service

We tested it out with files that were encrypted in November 2013 and received positive results (via email) for each file that was encrypted:
Receipt
Figure 2: Instructions from the DecryptCryptoLocker team

Once downloaded, the tool can be launched with a command prompt:

​Decryptolocker.exe –key “<key>” <encrypted file>

The command line operation would look like this (you just need to copy and paste the key from the email and specify the file):
Key decryption tool
Figure 3: Decryption per file

After applying the decryption key, you’ll receive an acknowledgement and consent request, and the file will be decrypted.
Successful decryption
Figure 4: File successfully decrypted

It’s important to note that this tool will not work in every case – it depends on when the file was encrypted (and, therefore, if the CnC server that Crilock used was part of the takedown).
You can read more about the tool at the FireEye blog Your locker of information for CryptoLocker decryption.
Acknowledgements
We would like to extend our thanks to colleagues at FireEye and Fox-IT for providing this kind of support for users whose files have been compromised by Crilock (CryptoLocker).
Marianne Mallen
MMPC
 
Disclaimer
The tool described in this blog is used at your risk. Read the instructions carefully on the tool’s website at https://www.decryptcryptolocker.com. In particular, note that you will be asked to consent to the site’s Terms of Use and the Privacy Policy. The site is not owned or operated by or affiliated with Microsoft.

Follow us on Twitter (@MSFTMMPC) and like us on Facebook to get notifications of our blog posts and industry news.

Comments (18)

  1. akterhossain butto says:

    all Updates

  2. Bob... says:

    Trying to repair 10,000 files one at a time is a waste of time…. 🙁

    1. binh says:

      HELP_RECOVER_instructions+wie
      file (microsoft, pic, txt, ,,) => + .micro
      Help Me .

  3. sanket2 says:

    Hi my all files are renamed to "gtdc.PDF.qjzoiqi" original_file_name.extension.qjzoiqi
    So .qjzoiqi has been added after actual extension of the files to all pdf, xls, doc & jpg. If renamed manually the files appear as corrupt so it means they are encrypted. Please help to decrypt, if any one has solution kindly let me know

  4. yismaw says:

    what about CTB-locker?

  5. nc says:

    Hola a Todo,

    Se me acaban de infectar 2 pc con este virus, se han encriptado o codificado todos los archivos de la 2 pc, tengo 4 días trabajando para conseguir la solución del problema, he logrado quitar el virus pero el problema de los archivos no he podido solucionarlo,
    sigo trabajando con el tema pero cada intento que realizo no es factible, si logro encontrar una solución para la recuperación de los archivos que vuelvan a su estado original publicare aquí en el blogs la solución del problema, le pido a los colega que están
    pasando o pasaron por esta situación que publiquen cualquier comentario que pueda aportar un granito de arena para la solución.

    De antemano Gracias a todo

  6. SolutionRansom says:

    Actualmente la única manera de recuperar los archivos infectados es con backups o restaurando a versiones anteriores los archivos mediante el shadow copies ( esto en caso se encuentre activo la herramienta antes de la infección). Otra manera es usando
    algún software de recuperación de archivos, esto depende del tipo de ransomware, dado que algunas variantes del malware crean una copia encriptada del archivo original y posteriormente borran este, lo cual permite su recuperación. Hasta la actualidad no existe
    herramienta alguna que recupere los archivos infectados solo prevención para evitar ser infectado, ya sea mediante políticas de seguridad local o de dominio bloqueando rutas definidas donde se ejecuta el malware.

  7. newsages says:

    pero por que no lo soluciona Microsoft? no se tiene garantias de un producto por sus fallos?

  8. lostfiles says:

    there is nothing on http://www.decryptcryptolocker.com anymore :/ site appears to be dead

  9. mou3ad92 says:

    http://www.decryptcryptolocker.com is no more in service , help !

  10. m singh says:

    today i get infected by crypto locker pls help me to recover my files
    i am a common men from india can’t pay

  11. dain says:

    I need a Decryptolocker.exe file

  12. Recep Ağca says:

    My All Data encrypted

  13. binh says:

    HELP_RECOVER_instructions+wie
    file (microsoft, pic, txt, ,,) => + .micro
    Help Me .

  14. Lauresa Tomlinson says:

    I’m not sure if this is the code you want but here is a little from the 1st part off an Excell file
    ‰PNG

    IHDRâèsºQ®sRGB®ÎégAMA±üa pHYsÃÃÇo¨dÿ¥IDATx^읍qã*€_]WPêI5n&Åä I°ìÂJ–;ù˜ùfÎö„¸äî¿¥}ÀÃ1;àZÌN¸³®Åì€k1;àZÌN¸³®Åì€k1;àZÌN¸³®Åì€k1;à™üûüþúÞÚ×ç?{ÌËòñ}Û,ÿþüg}ŸˆŒy%þ}æ„Ü>Œïÿ*ÄàNÌNõ–Ú×ç÷?õýÇö–ÝõWßéV½Äå—ôQë_àµÜöòBwûðç•Ö½T*›šïdþíûcíkbÓ´Vž›åùT¶w6ŸÏÑ?DZýH<¬ï–ÖÙ+Òo´mG$GsÝ·;.âŽØ{DW3;K¼?›Ïùeè¿&ùü÷yûƒq9‡õÅdlÌOÚ=CÕæ!Û^Ù§+8Ø1;
    ê°|I‘/7ºKžé¥Eþ¶}9Wz–WÚáÅÔJ3Þ»Ð8lÿBÝ_<)ôÅËDçFÜ_‰ñíû–çTrÏçhôÓLGâÑô{öžÕ½ÜZÛ$5üª…UckNتcq»IÝ,m³[ɵf-42ëxÛ²7½NmgŠŽAíšcÀzyl_0Û£^ªÝÎlŸ²YëÕîK`Ô_±’ÉêmHËÑü§Å4GâQ÷ì=­¿Í­‡(Ì9â—«[‘û„­º†»üú+[~C¦Äd¿$qj4
    ë.¤_ŠMì4þÏ]Ç7³Æ!ÍÑuf؉忋mÝŸŠ¾bÃèÂJä•ym1£Ú92¦×eÅå¬oVüÒÜõsÀæbßÒV{”Ì¥¥\Êœ‘-OÃì4è_Àò;PzÙ‘÷µöÅwû¾“§^ ÊËÛŠ~‘Ò/½côûXj­ÎãöÈK`ö7#C³}öe-Cú«ì[ío?¯ãîÏ‘îÛZÿ²ŸegÄeÀÞÓúÛÖÆW_Ĥ6Œÿy¿ºVô°5c]]³8ý–L56õI¼½K
    »¶ÛïrþzFc<‚kbG|ØÇbyÈï¦.4nϧ¢_û#:$?5¦_šœÓÕ —“¾õ²k"6‹ŒdÎ6FÄîõjŒøAÌNã,¿-/6óòÚ3Æü f§ýbªÞq¶–_~ô‹®ñ”Ö_´d”çÍF½ Y—‡í±_¨ý¢²y×­ã2¾Ôˆø«l±Zñ÷`ŽÔ­÷Å#hïYýV~27R?GürÐ^eÄm-D.\[~K¦5vz)eSâÜÄM3ãùc×ñŠQ3]¾C±¬Çé¶Í1lˆèv|’©‘šÌy/¶ìÚŽÓc]V\lÙsfó″6ëœpo‚Ùi༷/³êâÁÑR²º‹
    õÝ¡;õ‚æ\~³Ç³1:VÙ³4ÿ0à¯y¡¢/ü—ävþÚ,»ÝCÙ³xœ±wªžßsðk) íO¡ó÷„­VÌäF¡Î¯×oæAÆš¾t²¼øÈz]nŒÇxþ(U¿½†»Ë°P,[~ï6„t{>Mõ’úX÷òYæ˜&§Çtv¹9éÛl^Äf‘‘ÌÙƈØVŒøAÌNƒÈËñÒª—uû¥TÆ«¬‚Òc~ï¡t5昈=Öœz”—:ã%³»|ἤÎý•ÒFFûRz&G•¢ßÔŒGÜÞºo¬?’ß
    ™«ìÍs×è—éÙþ¸­+6EpŽSgúË2%6›­ëg]+ßžÎì£]³±1š:îëBÍz±.¤;âSÕ¿ÉíÖoÓÙ¥ë­_^žCcBºú¸œöÍ›—ìX?l{›³LcÀbvX/`;ê®z¡Ú‘—’ÕZ¥§¼DF—6ËÍ1{”ÜÒZ»Æ/¢ÒòˬFûk´¯Û÷Í‘Ýû|>Gê]U5ËÞY<üXŒr4×o镦_°uÌã/Þ‘<{v&w¶‹_–4Ó&•Ÿ"KnqÈ6ý:çU¿ÌµPésò™m3j©cú3¨ã…:_ß·²@v¿±¬qÿ¾Ë°Û‡ñ=¼ fgÇÇm¿¨.»ÔÁ÷íû£ŒÿX>í-]ëè°Ç÷—¹!»7š;É¥
    þ½:5ø¶È•¶ù¢eÉ…ÓÙøxMâ6¶½Í{þÜÇ]䲋JÞÚ×Ê¿&­®Q¿êËMÏQº‹.qnWëKþ<Š•jf<,¹#9mÝE×Á†–獀Ә&í¥Jþ|ûÜ/)¼‹u‰‘çv—u녁¾°PrÊ…ˆºTh.$*ô…úÉ©d¯}¹àÈ
    Ù-v]ežsWßv,}Ê×¥%EO–qO|¼þˆíJÏ-Y[¹ÔÛ¬ýÒyÞÚ¦SË϶ݓ)ZÉ…’³ÕCk“!·›³ÐÉŽÇ*!ÓsþV<Æ}nî”ÍeÌ‚»t]V6ÀE˜6åE=],ä‹€ôç|‘¡ÿl]¨¾î£§¿dq.hú¡ó‹×î*&û<ë’D£.<ò…ˆˆÝ/@Œ1-ñø8ý!ÛÕ%P5Π½¬RŸS«û¬Ë«lÛùÈc½¬6nf½´ºZßÒ˜N÷X-t9_±âaôr^Mžj{àBÌN}‰ò±ÿy}iϪ?ýÙ»ÔH}抺4©Z¾lð.šÚ‹…½Ýç/~ä²Ãi–EFúzëë.eŒ1çãc÷Çl·.†<ê‹ Í©‰êr¨\öXòÏ磌UH(Sœz}õ÷y^cƒÒºˆ›Æ꾋¸Pî‚ë@diÿà˜r9Qþm³æb@þÍ3õR¹@‘ې2¦¿ ð.š‚—ç/~Äì—Ê×ðEœú|vÌöc—KŦeì&?ÉÞõ/¾}fE–%ÿ|>ÊXšW~Z·ãÐØ e¼ÀEœm³A`pð4ÌN¹ØZ!²7}¹pòB뮋¸ŠÙ¼;.~ÚÏEæ«èEœ|ljýjþŠØÜÛÛ_ræ1’”#’Xu9_™Äc£…œ»Õm‡³tlìõavú¨—ùåµ]]¨Ô0Õ}ðEÝ=-íëûv+×®žú»öÒekã‹S[§š§QŽF/âª1k;?ncۏ].%ÄN#]7•Oþ}ùèÑòt¼2ÊŽÜš.“Ôä×°³îc±ÓÏ\ÄmŒr]zqÅìø]¸OÃìøUðS_𘝿õk©í¯›R Ûše߿ΡÁždøÂ%&ÀŸÁì4Ð/+êÅL¿PL_xžÌ©Kåç«ù=\Ä ¦/öïxçørïEÜ×ç÷¿½__féË.¹«×ùÖß®}ý¬Jmßúž­–%öô1оÊ6´û¢bÒ^Ú‰¾wÜKàÌNõÆ’_B^ú¥BÞŽ¸ˆû­œÊñ_ƒšþ9~Sì_.¼ˆ3ÿbgò—=ÿ>oõÚWϩܼŸÔÿ›ío÷Ìsü—­IùÇ~FÇ€æ§$†/`zìÞœ®ò’Ô½¤(ë‹Pþì]ú©§ªeyÎ÷Å.o~Ò7›ÛÓ½°é¾2¯}!ê±Çy/œ‘ñbonýËbÿ⺴dÛEùœÛà娷u%dWbŸÖî¥O×þíVþœZ•5®nŽ½áü·xö{ñJ1ŸåC}Ÿ›¶ãa1ØÖBT÷‚[³®ÿ_ß_E¸Ž»ßÔ|kö‰½¡#·31WHìC­}_NØÔëÛûu­ä¸èB¨be#¾Ý¾o•ÍØ¢ëöý)ÆØ5¦žoROûXeŸö·çù
    ³ÓG¿(åÖ½TÈK[~‘—’ýePÉ)//òÕ¿¸,/xêu§¼PŽtöòÒ=×z1R/œÕË[dnÍðE¬Èjíèq^“»æ‹ït¼è(ß—9“—È4.}¾;ŸÚXY:”v©1³ø,Ü®ÆÏØ{¢Îæö‹Åþ•Q>zÛGkøÚj!¤Û‰]š»~øoÙ¨t®q5lè}‹Ä>÷_óù>Û¤t—9­î±}•/’læ¦tï¹×zuÓó
    µ%Yÿ“>F2YÙR÷¯uàŒëe:~¬Í‹üBÌÎ!ê½cmå‚cÇ|©i_°Ôç2¿½0ÚŒ_¤T_CÿÂè¼lôsZõëÒ꾸¦¯¦ãKœ´û5_³Xޛπ
    ¦Ø5§²;ׄ’[^¾#rgöˆ»Îæö{5íçÔÙúü¨”ïõÐ=õ ˜uy°lh.‚B±ïä+{OÄ\tì¨9ñ}ȨyÏ—36iùêBM¦5—lå£é±jÜêWûy—»³½ã:­çöý*.Ê–N¦Ž{‰ß¨à—bvN°_<2òž¢_,š—¸öå0)G/ƒ6¦ÎN^BÙQµ<ÏyÙÍmû׾՞ŖÍ÷ÔW^Öª8Nô4/Ò¹•—à–ÉxyatÚ;§¶Ž3ù<mƒ™cEÄ®i<
    »Õœ2®‘{ÊÞ•ƒu6µß«i?¦í­œÅ R§uWŒ÷—z~°ºXÇcoÛ{<æ¢##ºÖ9ëøeìp²bãør§M]«âÔ té–õv1Ù¦ôHÍ){E˜Ìmúå‚NŦk»Lm»öÑ”¿³s‚zéx§‹8õ“_¬ä,Ïs^6Cs{ʘEÖ&"Ýu,±ûÌb³®¨žÉiÇ`¼¨ôý˜Ž¹3Ÿ§mèt4„ìªÇé¶ÅÓ°[/1oäž²W&óß2´ß©éÃùð×ð•1°u7œÕ]1Ù_”ŽÛgþ³²Ù²¡‹u«zÜ–ä™ùÕëяwBBŸ‘Nü”A!¿àÝ1;’¨Šò’!Ì.ŽÖ—
    õùŠ‹8Sg#OÞwdL?Ï~YŠÍ5P/YkÛenÝòÂçœÓã¼à¹4ã‹ÒÁ‹ål̽ùØÉq;’fWKOÃnë%½‘{ÆÞòµšª³ŠÖ~¯>ü|˜:køÊÌó³Ð=—3Û_Ô÷¹éýβAÅzë‹Çþª˜‹E³·]çÖÝïCvl_NÙ¤ä[UKÓëU⫈ÄfAâêÇÇcû+¡­Ç¶RŸå³¥Û¿³s‚zA1_ú—þ%³#/8Ɖ~ñ³P/aý¥Ö&oøÂSì:ñ²TæZ¨X-­Gj2?¢gã¼Ë‹´0oûœçn6;c’¬õó½ùØȱÈËÌí:Ÿ<NÉr»Ë‡ö®¶Tß+ݪNº9§ò;ÊG`
    ?(GkÁÕíÉIs×Ï#ÿ7Äç­] Æ.F‡bQÌWY-Çö!Û¾A<KwÔ¦¹¬27˪â§ëh³[|itZö5xsû|ö9ê±b·£lq÷/6ð[0;'¨—:÷EA½LäÖŽ•7©µÝnåg¼ÐXLåé—·Ô¾–1Ez ­_Zów±¹=2O½äéÎÆ·™žúå9·æåSo[FªNsLÎë4þó|Nm˜ê0˜Ì™ÇÇ°;zùpÂÞzʼÎbùµjz–É~`ÃZˆêöä¬~Dö·&þz
    W­ÍÓ‘Ø_sIƒ§}ðì¨ú
    _NÙ¤ä7Ï…:_Ûü¦„J+úò*›»ï6D§a¯¡<_*gú墍¡ö#1ò~f'<ìßiRÿ¶Uû¿%梠þ£HQÿøý‹pY®ŒûÏ£ÿ±ÿÔºðÿU¹¯\‹S_cÍ;Üÿ¶ß›ðÿsx ÞzÈëfôlŽŒyE^pOx볐Å#kãªü½kýfô¿ü[êæRÖöÒ~Áû(¼,f§l mAJ­Þ¾?TÿSxêEœÞ#þ8/Âã1;
    Ôá©Ù„dƒzäCÇÑÿ°E¢6õ¢ïì6òð Ð=ð_ˆËò`ÅýYø5~I—wX¸s½<ª"r»1–_^</ŒÁ)"5vÞF;ï¯Ê«æè
    žýÌøM¼B]ˆ
    ¿3OÏŒ¥Ò¥ö%}™¥_TËÖ<¶þö¹ jemc_Dvjµ,±'Ë°k ÛcÕšn_¸E߁‡öoxýÏ!Çp´f"c~k}Dö„'?»¤g¡÷áºÚx\þlÕ¼ÞãÆDbðSüìÞ5çgì“z¿õoÙià/€SÃ8úŸzw–‹6ÞîÿBp×!ézÐ…Ì£ê!"7¤ûgšs[cÏû¥¼jŽ®àÙÏŒßÄ+Ô…Ø@žîÅ~IÕk¡äÙêSüû¼Õ{~Ùð¤™?}² _Š·¦Ÿv͉øý|é¬_sß
    =§B{„·F~ríä.moøŽw¤ãþk¹³1­_£x1X™ÄøàZ«Z峧_s.O~Þ™¹
    íÊŸ—˜)Á·E·´­>µ^Yo³XüTŽ,®–;ð퀬>ŸÞZ†sèî/-–¶ÆÄ«“¯ï¯”Ü©«Ô?°a«W©±cöÜôcÞø^d[ý¶ß¦}ÊŸò}1b¾onsŒXFã¤ÆÕÍ«O’ZN¶A³Ê±¸}û¾eaÖ¼¢kyÉc쵡βö±Ê>“nœ›ûcÜ4ÞñÚxß©ÏHÁš±|R1–³xÃdŒ¿–¦q±™¢Sê&ûÑú¦>—zŠì Ƽpì’þ¯x¹7êΰ»jV;”¼Üªy­¾üyµò½n­_zl]?ž?[¿­þvüÒ²[Êx«ß“1³o²vÕ—ñ3´ 5Ðúp7f§ZÍ”¼/½àUA§qía¢|_æ‡G¿Þd÷ÒÿÃ}jƒ(úŒ¾~±½ÛðÜEÝÎYúd’ØmîÇ´º‡‡Ó}L”äSƒ1§·7’+îòsíÓÈ÷UôËXÁÞ¸¯ª¡¥¯‹oKš£íSº‹M¹‘1ã¼Õñ[ú[Œ1Áuaç=à_¥3y‘Ûò}º´Õ5vii_y:o³XüDŽZ/·ò-$Kü/5_æyë-0ç îöqêãmúX1¨©ÒmTqÖMÏ+Ô¶3Š­™¬³O|RöÊdeKÝ¿ÆÍ×ËtüX›¶ÏˆÍÁ”«®ì_?븣/¢¿ÙÄÚx‰NÁŒa#×ÓÚ£>w›ñÒê¾]NȧkN»y‡òÐÇøa~2v…ô‚„L?ÜÏÕP¤6ùcDÎ`­žÒm­oϸ?Ç^œD‡ÐúlÛÚr.O©Oº$ï!ÿ´Îj,¡Éœ­¯ÓcŒiécñó9z\îß”²ÊçÑ^•ûw”séöüÔ‰ás—sË5oë{…µ[ÛT†g?‘˜bbú0BùSÖZãÏ\fËHœL¹ÓX*]j_’iúµP¾0š«Æ­qh?ïãrwöiìC=·ïWùí±*–%¾æÚ1bªWo8ý–̦ÆÕL›3õ]¿è˜âß`-…âb æ­zun–V÷e9Ê×Ç:^R¶Íe^ öÿckϲ»Gdi}Þ¥¯óEékdÅì͈œ®6~:ÆwzžZân³^DyßôX5nÕÙ~Ö2gt1Rˆ¡ýw+Ê¿®fú=§«¯®nêy[_/§–¥lkä™c*æ6ž‘±Rbg×Ñꛑ7 ùžïQnG¹¸³ÓÀYR»ý‚×-/~YlNkäo8ú­ÍEV׺`Îé³F_@¿¶ýK~†x¸˜»˜&¹æ˜.NÖf´ÌÿØìN}%>y3
    ùÔ`Íil‰å¡ñÃüì°k,¦?÷2­ï\
    ™64c6ù-ÊΪmr”rcº
    ¿ÜÌq¸.Ç>Û¶¶œËSê“.É{È¿‘]”`ùjëëôcæ±ø© ’ëúu晚ÐmÇC3®ßz~°Ž»Xý|]hÞs3š§#1ÑMâÓ Æ—µÖú3•ÌM#׌÷4–JWÛ²n‹‰-#û•É›²W„ÕqWýó}-5#þÚGS^C þqú-™ƒu¢[2W¯Ã†Á˜«ö/-Sú[ç­s–ñÃó™±>{Bx]5±ø/¥3Z{–ݍ¾ªùù2õuõåé;¸Wëç‡ó— ÚصVŽFÕ†n¹Nºšµ¤Ìm}ör­Äe¡žoŒ5ínk©ýlÉÎ:›±“8örÆ6êæÛ»É
    í]¢|ùØØ3<Cïrp'f§½æ",(süG¿µ¹ÈêZÌ9}Ö¦ÜÜý•íº©õÓæ_}œÊ&µ|Þæ¤ñû¸Å†ÏÆó³£—™ˆêo‘éû±ø•¹’ëúvv½M͹D÷¤~•ŽÛgþ³Š‘eC«Ÿ¯‹J†nÓue0‹I3F7‰‘=¶Ø-†2Ïí1¦ÏÓX*]{üDŽÒ5BOhkÄj†·y5² {–çÛ†„ ׇSÃÊ ×ï@ü5âô›þc‡5³Ë2ÐçëûÄhŒ„å¾ý«›³£uoS’žÝÿ%gýùÌÚçT¼tS{Bx]5±øoŽéü7ôËÄ¢¿÷Ø6µ5cÅi0¿³wcV??š¿±jÞ.O…]å}€ž°êpìÍ­²;@©Ã~­˜¹ªðã²¢jüêç¾m›1VéЭè›Ù8•qľ•[.âàÅ0;
    úMnܯiTÿ‚¶ ¹¹´òOé³6=£/¢_ÙžÆÈXÍi0ҍ\sÌО½í¶oÝò}–’äSƒ5§í›ÉXécü0?;ìëowõr †”õ°É$2§•‘Óm­gÍžÍq NŸm[[Îå)õI—ä=äßÈ.qlùjëëô4cäã(ÏÏ‘èØx”ܧ?3″s.Ñ=«_õ}nz²lhžQ¯P­M¢çˆŒÌ$&žÿ;ÊŸò[ºq¡zõjÄé7ãeÙ­ieÙ>%²yþùf2¦óÏ ÇÆ2no{l¶në|¦ä”8Öñ2÷k^$öÿck¯×/®Ë¼^V7S_ç‹’OÇ‚ãgîvëGœØÚ3ó·3¶±_µ~–Væ-‚DŸ¢­Y7ÖEìé|(ñõdúqé¾ÏM¯¿ÈÐñR:bu¸÷,Y;Z¶}óØ-”1iêÖ’ÓvŒ1ý|€k0;m¬”U‹1÷­‹V/’nŒµaÊ\{Q;s¬Í@VWÿ`<£ÏÚDr_H»Ù)9eLƒW ¿'×Ù0õæµ´~lj“
    ¶ó©Á˜ÓÛɃ÷ùÙáÙÕ_#!Ó²NÖP¨jÄÆü½®»ÝîˆÜn+o^<­±âòÙÔßbŒ‰äié“®£54°K¾|µõuzš1‡cñ¤m²4’ëø’åÅe³­Ì«Ì¹Gwš»~¶rS#ñÛZe¯aCo×K÷³êBéžÅj¡ÍÓ(&ëw:–ÊÞ¼ÞjzŸ‹;»ms™F,#q2lku'NJV™›…5ñ[N%žNˇo®ôç:ìãÜcÕäN$æVl"yðbˆu–Ùú{¨f*9N9n³1žìÍ®Õæ»â"¹L­AjÚ6%§Ä¤­5ÆÒ?XW}­óß_{½~ÑeŒêïëh·®DÈÞÄ‘úÙÚSóWÍõl´â· bPtä 4y–Øl:ú¼íXë Ä W#û×Ï£¹u.Û›‡µTÅf^‡ëgm—Q{õ¼­iç2&þìRN9D¨®¥9ùÿõ‡y¾Âƒ1;
    Ñ3Üþ4Ñ_})Æä­H?™ J€¿­¶îrþ­Ÿ>ÉDÆübþèžÛ+Þ¡6^ØF}±4lb»<‹®õçžûo÷þ³{<³ÞyÙZNŽý¯ÍüɃå$&o…ñ+BKã%áÅá…îçø³±g¯xMt^®ºŒ{‡çþ›=‡Õ¯ª¾ËOïÁ[bvÀµ˜p-f'\‹Ù ×bvÀµ˜p-f'\‹Ù ×bvÀµ˜p-f'\‹Ù ×bvÀµ˜p-f'\‹Ù ×bvÀµ˜p-f'\‹Ù ×bvÀµ˜×òïóûë{k_Ÿÿì1Žߟ9(·ãû;!毆ÙÙñqÛou¾¿¾?ÿå~u™ô}ûþ(ã?–O{K—L\

  15. privato says:

    where is the tool, please

  16. Ferenc Halasz says:

    The decryptolocker dont work from august 6. 2014.