Solved

how to recover files from crypto wall 2.0

Posted on 2014-11-14
Last Modified: 2014-11-14
My laptop {Windows 7 Pro} has the latest crypto malware. All my files {mainly docs and pics} are present but not accessible. When I try to open a doc or pic I get a message about the file possibly being corrupt, or the wrong format. I have tried Malwarebytes and antivirus programs with no success. Neither Windows "Previous version" nor "System Restore" works. I have also tried copying docs to another PC with no luck.
Question by:roamingtech
3 Comments
 
LVL 9

Assisted Solution

by:bill_lynch
bill_lynch earned 167 total points
ID: 40442658
Hello,

Unfortunately those files are encrypted and the only way to get them back is either with the key or to restore from a backup. Paying the ransom is not a desired outcome and there is no guarantee they will give you the key that will decrypt your files, but lots have paid because, if the files aren't backed up, unfortunately that may be the only way... good luck!
 
LVL 62

Assisted Solution

by:btan
btan earned 166 total points
ID: 40442686
A good guide is from BleepingComputer - of course we want to verify the files are indeed encrypted, which I believe you did, and (really) the only suggested methods you have of restoring your files are from a backup, file recovery tools, or, if you're lucky, from Shadow Volume Copies. This ver 2 is a tougher nut as it does secure delete.

In the forum, there is mention of trying to decrypt your files with the help of Kaspersky’s RectorDecryptor.exe and RakhniDecryptor.exe. But they were not specially designed to encrypt information that was decrypted by this particular ransomware. Or try Shadow Explorer.
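The first step btan mentions above, verifying that the files really are encrypted, can be done read-only by comparing each file's leading bytes with the signature its extension implies and measuring byte entropy. This is an added example, not part of any post in this thread; the signature table, the 7.5 bits/byte threshold and the function names are assumptions chosen for illustration.

```python
import math
import sys
from collections import Counter
from pathlib import Path

OLE = [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"]   # legacy Office (.doc/.xls/.ppt)
ZIP = [b"PK\x03\x04"]                          # OOXML (.docx/.xlsx/.pptx)
JPG = [b"\xff\xd8\xff"]
# Signatures an intact file of each type starts with (assumed table).
MAGIC = {".doc": OLE, ".xls": OLE, ".ppt": OLE,
         ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP,
         ".jpg": JPG, ".jpeg": JPG, ".pdf": [b"%PDF-"],
         ".png": [b"\x89PNG\r\n\x1a\n"], ".gif": [b"GIF87a", b"GIF89a"]}

def entropy(data):
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample=65536, threshold=7.5):
    """Return 'intact', 'likely encrypted', 'damaged' or 'unknown'."""
    sigs = MAGIC.get(Path(path).suffix.lower())
    if sigs is None:
        return "unknown"            # no signature on record for this type
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if any(head.startswith(s) for s in sigs):
        return "intact"
    # Header is wrong: random-looking bytes point to encryption,
    # low-entropy bytes to truncation or zero-filling.
    return "likely encrypted" if entropy(head) >= threshold else "damaged"

def scan(root):
    """Walk root read-only and count files per verdict."""
    totals = Counter()
    for p in Path(root).rglob("*"):
        if p.is_file():
            totals[classify(p)] += 1
    return dict(totals)

if __name__ == "__main__":
    print(scan(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it against a copy or a read-only mount of the affected folder. Files of only a few hundred bytes can score below the threshold even when encrypted, so treat "damaged" on very small files as inconclusive.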
 
LVL 26

Accepted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 167 total points
ID: 40442689
Bill is 100% correct. Cryptolocker and its variants encrypt your files and you either need the decryption key (ransom) or a good backup. Brute force decryption is possible, but would take way, way, way tooooooo long. And even if BF worked, there is nothing guaranteeing the files will be completely recovered (although they should be). How old is your latest backup?

Your best bet on any system with cryptolocker/cryptowall variants is to nuke the system with something like DBAN and then do a clean reinstall. For the price of the ransom you can get a new system.