[Intimacygel]

Okay I got one that is currently working, Just got off box a couple hours ago.

Looks like first drop was april 4th, but the active cryptolocker process C:\Users\Office\AppData\Local\Fwuisgmpixozj.exe 91126BEDF521E6527C46EB1EAF03475A is only a few hours old in VT

[dhagar]

Any new samples since the last post on April 8th, 2014?

[Kimberly]

Sample from a UPS Spam (May 1st 2014) - Downloaded by ZeuS GameOver

[Intimacygel]

Anyone know of a way of modifying a previous sample to encrypt indefinitely even if all servers are down? It would be useful for presentations or just general education as most samples are no longer working after a few days.

Much Appreciated

[Xylitol]

https://www.virustotal.com/en/file/ad96 ... 401951281/

[TwinHeadedEagle]

Unlocking Cryptolocker - free service launched

https://www.decryptcryptolocker.com/

More info here --> http://www.fireeye.com/blog/corporate/2 ... ption.html

[Sargerras]

Not working with a latest cryptolocker encrypted files, as page does not recognize them as they was encrypted by cryptolocker.

[Kimberly]

Can you attach a sample file containing non sensitive data?

Thanks,
Kim

[Sargerras]

Sure, here is a sample of the encrypted file.
My thoughts that FireEye and Fox it get database from they C&C server. And keys are not working for new versions.