Solved

CryptoWall virus

Posted on 2014-10-31
6
256 Views
Last Modified: 2014-11-12
I have a user that was infected by the Cryptowall and it messed up all their files. Turns out their backup was not running and looks like shadow copy was not enabled and no previous versions can be found. Is there another way to recover the files? I read that Cryptowall deletes the original files and makes copies of them with the same names. I am running a scan using R-studio, but not sure how to find the deleted files in that program. Any other ideas or guidance on how to recover these files?
0
Comment
Question by:raffie613
6 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40415879
If you don't have any backups and Shadow Copies aren't enabled / working, then if you want the files back, you have no choice but to pay the ransom.
0
 
LVL 28

Accepted Solution

by:
omgang earned 500 total points
ID: 40415882
I'm pretty sure CryptoWall doesn't delete the files but, instead, encrypts them.  CryptoWall is ransomeware and nasty stuff.  If you don't have backup I'm not sure you'll be able to recover the data.

http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

OM Gang
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 40415886
I think your best option would of been to use the Windows 7 Previous versions restore. However you say this is not an option.

There is no real way to DECRYPT the files once they are encrypted. I have tried before using tools found on the net and not had any joy.

I think really your only hope is a backup of the files before the virus hit, which sounds like you do not have.

Sorry but i cant think of a way to get those files back without a backup / image
:(
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 92

Expert Comment

by:John Hurst
ID: 40415954
Good advice about the backups above and, in addition, I have seen people in here pay the ransom in desperation and get nothing in return. I think you have lost your files and I do not recommend paying the ransom.
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 40415999
John is correct.  Unless you are willing to take a chance on losing both your files and the ransom - don't pay.  Be careful because the ransom is sometimes in bitcoin and that can be deceiving as 10 bitcoins is approx. $342
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40416033
If there are no backups and no chance of getting the files back, which appears to be the case, and the files are important enough, then paying the ransom is the only option open to you, although this goes against my principles, if that's the only avenue open to you, then you are between a rock and a hard place.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How important is it to take extra precautions to protect your online business? These are some steps you can take to make sure you're free of any cyber crime.
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now