Link to home
Start Free TrialLog in
Avatar of raffie613
raffie613

asked on

CryptoWall virus

I have a user that was infected by the Cryptowall and it messed up all their files. Turns out their backup was not running and looks like shadow copy was not enabled and no previous versions can be found. Is there another way to recover the files? I read that Cryptowall deletes the original files and makes copies of them with the same names. I am running a scan using R-studio, but not sure how to find the deleted files in that program. Any other ideas or guidance on how to recover these files?
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image
If you don't have any backups and Shadow Copies aren't enabled / working, then if you want the files back, you have no choice but to pay the ransom.
ASKER CERTIFIED SOLUTION
Avatar of omgang
omgang
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jerseysam
jerseysam
Flag of United Kingdom of Great Britain and Northern Ireland image
I think your best option would of been to use the Windows 7 Previous versions restore. However you say this is not an option.

There is no real way to DECRYPT the files once they are encrypted. I have tried before using tools found on the net and not had any joy.

I think really your only hope is a backup of the files before the virus hit, which sounds like you do not have.

Sorry but i cant think of a way to get those files back without a backup / image
:(
Avatar of John
John
Flag of Canada image
Good advice about the backups above and, in addition, I have seen people in here pay the ransom in desperation and get nothing in return. I think you have lost your files and I do not recommend paying the ransom.
Avatar of Thomas Zucker-Scharff
Thomas Zucker-Scharff
Flag of United States of America image
John is correct.  Unless you are willing to take a chance on losing both your files and the ransom - don't pay.  Be careful because the ransom is sometimes in bitcoin and that can be deceiving as 10 bitcoins is approx. $342
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image
If there are no backups and no chance of getting the files back, which appears to be the case, and the files are important enough, then paying the ransom is the only option open to you, although this goes against my principles, if that's the only avenue open to you, then you are between a rock and a hard place.