First of all it should be clear that if you have been infected by the Cryptolocker Virus you are being scammed and you should try to avoid paying the ransom. That said the encrypted files cannot be decrypted without paying cleverly leaving some people with no choice. This is a guide for those left without a choice who wish to pay the ransom using Bitcoins.
Beware it is always possible that paying the ransom may not work - this is very rare, but if it happens the payment cannot be reversed and your files will be lost. In other cases 99% of files are recovered but a handful get corrupted.
All victims should call action fraud on 0300 123 2040. If the bitcoin payment is not done before the time runs out you will not recover your encrypted files.
I should also disclose that I am one of the operators of Quickbitcoin.
What do you need before following this tutorial?
- online banking (or another way to make a bank transfer e.g. telephone banking or in branch)
- an infected computer with files you need to decrypt
- Ideally plenty of time left on the timer - over 6 hours is safest, although it may work with around 1 hour if us folks at Quickbitcoin are online.
Click next and you will get this screen:
Choose Bitcoin from the dropdown. You will be asked to send 2BTC (bitcoins) to an address in the following format:
- 14sYqe98iFnbav4LS1JCDAQkLgWEtUNQGm
Make sure you use the address you have been asked to send to. The address above is not the one you should send to. Please do not purchase bitcoins to be sent directly to the fraudsters Quickbitcoin will have no way of knowing if they are sending coins after the deadline has past and there would be no way of recovering the payment.
The first thing you need to do is set up a bitcoin wallet. Go to: https://blockchain.info/wallet/new and register an account. Once you have logged into your account there should be a wallet address displayed on your account page:
The long code is the address of your new bitcoin wallet. You now need to purchase 2 Bitcoins so you can send them to the fraudsters. Keep this page open as you will need to return to it later in the process. Also be aware that if you lose your password there is no way to recover it.
Go to https://quickbitcoin.co.uk/ - They will sell you bitcoins in return for a UK bank transfer.
In the field saying 'Your wallet address' enter the bitcoin address you just set up.
On the next page you need to fill in your details. This includes name, email, account number and sort code. The bank details are required in case something goes wrong and Quickbitcoins need to refund you. Once you have filled that out you will be presented with the confirmation screen below:
Click Confirm and the next screen instructs you to make the payment through your online banking
You should now log into your online banking (or call telephone banking, or go into a branch) and make the payment as detailed in the instructions page. My example reference here is QGNUODJ - please make sure you use your own as presented on the website else the process can be delayed.
Once you have made the payment click Payment Sent and the order will change to 'processing'.
Quickbitcoin operates in both London and Vancouver time zones. This means that normally between the hours of 9am and 2am UK time the transaction will be processed within 10 minutes. It is possible however for them to take up to 6 hours. If you buy bitcoins through Quickbitcoin and you miss the deadline they are happy to refund the payment as long as you can return the bitcoins. Refunds normally take 24h to process.
Once Quickbitcoin have sent you the bitcoins you should receive an email with a link to the transaction ID to show they have paid you. This is the same type of ID (but a different one) to the ID you need to send to Cryptolocker. Now that you have the bitcoins you should make a payment from your blockchain.info wallet to the address Cryptolocker is asking you to pay to. If you are unable to send you may need to wait a little for another confirmation (approx 10 minutes / confirmation).
Go back to the blockchain.info wallet you set up earlier and make a payment:
In the 'To' field enter the wallet address Cryptolocker asked you to pay to. This can be found on the window shown by the virus.
Once you have sent the payment search for their address in the search box in the top right corner of blockchain.info:
This will take you to a page like the following:
Under the 'Transactions' area you should see a single transaction. On the left it shows the wallet it came from (your wallet), and on the right the wallet it went to (Cryptolocker waller). Above that is a long ID. This is the transaction ID:
Remember to get your transaction ID, not just the one I've shown above.
Most of the time you will only see one transaction. If multiple transactions are shown then you need to use the one which was paid from your blockchain wallet to the address Cryptolocker provided and use the ID from that transaction. Just search through the transactions for your wallet address and it should match up.
Now all you have to do is enter that transaction ID into the Cryptolocker virus window. Once you do that you will be informed that the transaction is pending manual confirmation from the hackers. During this time the timer will stop and a few hours later you files should start being decrypted.
I really hope this tutorial has been helpful to you and that you managed to recover your files. This virus has given a lot of people very bad introduction to Bitcoin which is a great new technology. To date, and to my knowledge, there are now 2 london pubs accepting bitcoin as well as a range of online shops. Bitcoin as a currency has the advantage over traditional currencies that the banks are unable to levy charges on it. I won't cover all the advantages here, but I hope the experience with the virus has not put you off completely. After all, we've all been ripped off in £ and $ before and yet continue to use them.
If you have any questions and need help please leave a comment below, or email Quickbitcoin at info@quickbitcoin.co.uk