CryptoWall virus

I have a user that was infected by the Cryptowall and it messed up all their files. Turns out their backup was not running and looks like shadow copy was not enabled and no previous versions can be found. Is there another way to recover the files? I read that Cryptowall deletes the original files and makes copies of them with the same names. I am running a scan using R-studio, but not sure how to find the deleted files in that program. Any other ideas or guidance on how to recover these files?
raffie613 Asked:

Alan Hardisty, Co-Owner, Commented:
If you don't have any backups and Shadow Copies aren't enabled / working, then if you want the files back, you have no choice but to pay the ransom.
0
omgang, IT Manager, Commented:
I'm pretty sure CryptoWall doesn't delete the files but, instead, encrypts them.  CryptoWall is ransomware and nasty stuff.  If you don't have backup I'm not sure you'll be able to recover the data.

http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

OM Gang
0

jerseysam Commented:
I think your best option would have been to use the Windows 7 Previous versions restore. However, you say this is not an option.

There is no real way to DECRYPT the files once they are encrypted. I have tried before using tools found on the net and not had any joy.

I think really your only hope is a backup of the files before the virus hit, which sounds like you do not have.

Sorry, but I can't think of a way to get those files back without a backup / image.
:(
0
John, Business Consultant (Owner), Commented:
Good advice about the backups above and, in addition, I have seen people in here pay the ransom in desperation and get nothing in return. I think you have lost your files and I do not recommend paying the ransom.
0
Thomas Zucker-Scharff, Solution Guide, Commented:
John is correct.  Unless you are willing to take a chance on losing both your files and the ransom - don't pay.  Be careful because the ransom is sometimes in bitcoin and that can be deceiving as 10 bitcoins is approx. $342
0
Alan Hardisty, Co-Owner, Commented:
If there are no backups and no chance of getting the files back, which appears to be the case, and the files are important enough, then paying the ransom is the only option open to you, although this goes against my principles, if that's the only avenue open to you, then you are between a rock and a hard place.
0
Windows 7
