Solved

how to recover files from crypto wall 2.0

Posted on 2014-11-14
3
3,293 Views
Last Modified: 2014-11-14
My laptop {windows 7 Pro} has the latest crypto malware. All my files {mainly docs and pics} are present but not accessible. When I try to open a doc or pic I get a message about the file possibly being corrupt, or the wrong format. I have tried malwarebytes, and antivirus programs with no success. Windows  "Previous version" nor "System Restore" work. I have also tried copying docs to another pc with no luck.
0
Comment
Question by:roamingtech
3 Comments
 
LVL 9

Assisted Solution

by:bill_lynch
bill_lynch earned 167 total points
ID: 40442658
Hello,

Unfortunately those files are encrypted and the only way to get them back is either with the key or to restore from a backup.  Paying the ransom is not a desired outcome and there is no guarantee they will give you the key that will decrypt your files, but lots have paid because if the files aren't backed up, unfortunately that may be the only way......good luck!
0
 
LVL 61

Assisted Solution

by:btan
btan earned 166 total points
ID: 40442686
a good guide is from BleepingComputer - of course we want to verify the file are indeed encrypted which I believe you did and (really) the suggested only methods you have of restoring your files is from a backup, file recovery tools, or if your lucky from Shadow Volume Copies. This ver 2 is a tougher nut as it does secure delete

In forum, there are mention to try to decrypt your files with the help of Kaspersky’s RectorDecryptor.exe and RakhniDecryptor.exe. But they were not specially designed to encrypt information that was decrypted by this particular ransomware. Or try Shadow Explorer
0
 
LVL 26

Accepted Solution

by:
Thomas Zucker-Scharff earned 167 total points
ID: 40442689
Bill is 100% correct.  Cryptolocker and its' variants encrypt your files and you either need the decryption key (ransom) or a good backup.  Brute force decryption is possible, but would take way, way, way tooooooo long.  And even if BF worked, there is nothing guaranteeing the files will be completely recovered (although they should be).  How old is your latest backup?

Your best bet on any system with cryptolocker/cryptowall variants is to nuke the system with something like DBAN and then to a clean reinstall.  For the price of the ransom you can get a new system.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Explore the encryption capabilities built into Google Apps and how these features can help you meet privacy policy and regulatory compliance, but are not a full solution. Understand and compare the most popular email encryption services for Google A…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now