?
Solved

CryptoWall virus

Posted on 2014-10-31
6
Medium Priority
?
290 Views
Last Modified: 2014-11-12
I have a user that was infected by the Cryptowall and it messed up all their files. Turns out their backup was not running and looks like shadow copy was not enabled and no previous versions can be found. Is there another way to recover the files? I read that Cryptowall deletes the original files and makes copies of them with the same names. I am running a scan using R-studio, but not sure how to find the deleted files in that program. Any other ideas or guidance on how to recover these files?
0
Comment
Question by:raffie613
6 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40415879
If you don't have any backups and Shadow Copies aren't enabled / working, then if you want the files back, you have no choice but to pay the ransom.
0
 
LVL 28

Accepted Solution

by:
omgang earned 2000 total points
ID: 40415882
I'm pretty sure CryptoWall doesn't delete the files but, instead, encrypts them.  CryptoWall is ransomeware and nasty stuff.  If you don't have backup I'm not sure you'll be able to recover the data.

http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

OM Gang
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 40415886
I think your best option would of been to use the Windows 7 Previous versions restore. However you say this is not an option.

There is no real way to DECRYPT the files once they are encrypted. I have tried before using tools found on the net and not had any joy.

I think really your only hope is a backup of the files before the virus hit, which sounds like you do not have.

Sorry but i cant think of a way to get those files back without a backup / image
:(
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 100

Expert Comment

by:John Hurst
ID: 40415954
Good advice about the backups above and, in addition, I have seen people in here pay the ransom in desperation and get nothing in return. I think you have lost your files and I do not recommend paying the ransom.
0
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 40415999
John is correct.  Unless you are willing to take a chance on losing both your files and the ransom - don't pay.  Be careful because the ransom is sometimes in bitcoin and that can be deceiving as 10 bitcoins is approx. $342
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40416033
If there are no backups and no chance of getting the files back, which appears to be the case, and the files are important enough, then paying the ransom is the only option open to you, although this goes against my principles, if that's the only avenue open to you, then you are between a rock and a hard place.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Considering today’s continual security threats, which affect Information technology networks and systems worldwide, it is very important to practice basic security awareness. A normal system user can secure himself or herself by following these simp…
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question