Solved

How to recover files from CryptoWall 2.0

Posted on 2014-11-14
Last Modified: 2014-11-14
My laptop {Windows 7 Pro} has the latest crypto malware. All my files {mainly docs and pics} are present but not accessible. When I try to open a doc or pic I get a message about the file possibly being corrupt, or the wrong format. I have tried Malwarebytes and antivirus programs with no success. Neither Windows "Previous Versions" nor "System Restore" works. I have also tried copying docs to another PC with no luck.
Question by:roamingtech
3 Comments
 
LVL 9

Assisted Solution

by:bill_lynch
bill_lynch earned 167 total points
ID: 40442658
Hello,

Unfortunately those files are encrypted and the only way to get them back is either with the key or to restore from a backup. Paying the ransom is not a desired outcome and there is no guarantee they will give you the key that will decrypt your files, but lots have paid because if the files aren't backed up, unfortunately that may be the only way... good luck!
 
LVL 64

Assisted Solution

by:btan
btan earned 166 total points
ID: 40442686
A good guide is from BleepingComputer. Of course we want to verify the files are indeed encrypted, which I believe you did, and (really) the only suggested methods you have of restoring your files are from a backup, file recovery tools, or, if you're lucky, from Shadow Volume Copies. This ver 2 is a tougher nut as it does secure delete.

In the forum, there are mentions of trying to decrypt your files with the help of Kaspersky's RectorDecryptor.exe and RakhniDecryptor.exe. But they were not specially designed to encrypt information that was decrypted by this particular ransomware. Or try Shadow Explorer.
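One way to do the "verify the files are indeed encrypted" step mentioned above, as an added example that is not part of the original answer: compare each file's leading bytes with the signature its extension implies, then measure byte entropy. The `triage` and `demo` names, the 7.5 bits-per-byte threshold, and the premise that an encrypted file loses its normal header and looks random are assumptions; the sample files are constructed.

```python
import hashlib, math, os, tempfile
from collections import Counter

# Leading bytes of the document and picture formats mentioned in the question.
MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    ".xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
}

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(path, sample=65536, threshold=7.5):
    """Return 'header-ok', 'likely-encrypted', 'header-mismatch' or 'unknown-type'."""
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return "unknown-type"
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if head.startswith(magic):
        return "header-ok"  # compressed formats are high-entropy too, so check the header first
    # Threshold is an assumed cut-off: random-looking data sits close to 8 bits per byte.
    return "likely-encrypted" if entropy(head) > threshold else "header-mismatch"

def demo():
    """Run triage over constructed sample files (not real victim data)."""
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + noise,  # intact JPEG signature
        "report.docx": noise,                        # no ZIP signature, random-looking body
        "notes.doc": b"plain text saved with the wrong extension\n" * 50,
        "readme.txt": b"hello",                      # extension not in MAGIC
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            path = os.path.join(d, name)
            with open(path, "wb") as fh:
                fh.write(body)
            results[name] = triage(path)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Run it against copies of the affected files rather than the originals, so the evidence on the infected disk stays untouched.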
 
LVL 28

Accepted Solution

by:
Thomas Zucker-Scharff earned 167 total points
ID: 40442689
Bill is 100% correct. Cryptolocker and its variants encrypt your files and you either need the decryption key (ransom) or a good backup. Brute force decryption is possible, but would take way, way, way tooooooo long. And even if BF worked, there is nothing guaranteeing the files will be completely recovered (although they should be). How old is your latest backup?

Your best bet on any system with cryptolocker/cryptowall variants is to nuke the system with something like DBAN and then do a clean reinstall. For the price of the ransom you can get a new system.

Question has a verified solution.
