Talk about something that totally sucks, a friend of mine was hit with the CryptoDefence virus. There are various web sites that claim that the writers of this virus made a mistake and left the decryption keys on the hard drive. I only found one web site that says where the key file is supposed to be. Supposed to be at Application Data > Application Data > Microsoft > Crypto > RSA. I accessed the drive and the files aren’t there.
UPDATE: If you are infected after March 31 then the keys are no longer left there.
So – I’m wondering – all these articles on the web that say “Dumb CryptoDefense hackers leave keys on victims’ PCs” – but if that’s true then there should be a way to recover. So I’m asking the web for help. I’d like to recover this drive. If there really are keys out there this should be possible.
I’m willing to make a disk image available to anyone who can save the files.
We can’t let the kind of terrorism stand. If this becomes common and if they are allowed to be successful then it’s going to be happening all the time.
New information links to someone who is working to figure this out