Solved

CryptoWall virus

Posted on 2014-10-31
6
268 Views
Last Modified: 2014-11-12
I have a user that was infected by the Cryptowall and it messed up all their files. Turns out their backup was not running and looks like shadow copy was not enabled and no previous versions can be found. Is there another way to recover the files? I read that Cryptowall deletes the original files and makes copies of them with the same names. I am running a scan using R-studio, but not sure how to find the deleted files in that program. Any other ideas or guidance on how to recover these files?
0
Comment
Question by:raffie613
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40415879
If you don't have any backups and Shadow Copies aren't enabled / working, then if you want the files back, you have no choice but to pay the ransom.
0
 
LVL 28

Accepted Solution

by:
omgang earned 500 total points
ID: 40415882
I'm pretty sure CryptoWall doesn't delete the files but, instead, encrypts them.  CryptoWall is ransomeware and nasty stuff.  If you don't have backup I'm not sure you'll be able to recover the data.

http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

OM Gang
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 40415886
I think your best option would of been to use the Windows 7 Previous versions restore. However you say this is not an option.

There is no real way to DECRYPT the files once they are encrypted. I have tried before using tools found on the net and not had any joy.

I think really your only hope is a backup of the files before the virus hit, which sounds like you do not have.

Sorry but i cant think of a way to get those files back without a backup / image
:(
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 
LVL 94

Expert Comment

by:John Hurst
ID: 40415954
Good advice about the backups above and, in addition, I have seen people in here pay the ransom in desperation and get nothing in return. I think you have lost your files and I do not recommend paying the ransom.
0
 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 40415999
John is correct.  Unless you are willing to take a chance on losing both your files and the ransom - don't pay.  Be careful because the ransom is sometimes in bitcoin and that can be deceiving as 10 bitcoins is approx. $342
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40416033
If there are no backups and no chance of getting the files back, which appears to be the case, and the files are important enough, then paying the ransom is the only option open to you, although this goes against my principles, if that's the only avenue open to you, then you are between a rock and a hard place.
0

Featured Post

Watch Anatomy of a Wi-Fi Hack On-Demand

In less than a weekend, anyone with Internet access and some free time can become a Wi-Fi MitM to wreak havoc on your network. View our Wi-Fi Expert in an on-demand episode of our Secure Wi-Fi mini-series as he explores the motives, execution, and anatomy of a Wi-Fi hack.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Email attachment when clicked erased Inbox : what to advise customer 3 50
Applying Computer Settings 12 78
Rensome / malware protection 9 70
Security Event Log - 4625 11 31
It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world.
Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question