Solved

how to recover files from crypto wall 2.0

Posted on 2014-11-14
3
3,305 Views
Last Modified: 2014-11-14
My laptop {windows 7 Pro} has the latest crypto malware. All my files {mainly docs and pics} are present but not accessible. When I try to open a doc or pic I get a message about the file possibly being corrupt, or the wrong format. I have tried malwarebytes, and antivirus programs with no success. Windows  "Previous version" nor "System Restore" work. I have also tried copying docs to another pc with no luck.
0
Comment
Question by:roamingtech
3 Comments
 
LVL 9

Assisted Solution

by:bill_lynch
bill_lynch earned 167 total points
ID: 40442658
Hello,

Unfortunately those files are encrypted and the only way to get them back is either with the key or to restore from a backup.  Paying the ransom is not a desired outcome and there is no guarantee they will give you the key that will decrypt your files, but lots have paid because if the files aren't backed up, unfortunately that may be the only way......good luck!
0
 
LVL 62

Assisted Solution

by:btan
btan earned 166 total points
ID: 40442686
a good guide is from BleepingComputer - of course we want to verify the file are indeed encrypted which I believe you did and (really) the suggested only methods you have of restoring your files is from a backup, file recovery tools, or if your lucky from Shadow Volume Copies. This ver 2 is a tougher nut as it does secure delete

In forum, there are mention to try to decrypt your files with the help of Kaspersky’s RectorDecryptor.exe and RakhniDecryptor.exe. But they were not specially designed to encrypt information that was decrypted by this particular ransomware. Or try Shadow Explorer
0
 
LVL 27

Accepted Solution

by:
Thomas Zucker-Scharff earned 167 total points
ID: 40442689
Bill is 100% correct.  Cryptolocker and its' variants encrypt your files and you either need the decryption key (ransom) or a good backup.  Brute force decryption is possible, but would take way, way, way tooooooo long.  And even if BF worked, there is nothing guaranteeing the files will be completely recovered (although they should be).  How old is your latest backup?

Your best bet on any system with cryptolocker/cryptowall variants is to nuke the system with something like DBAN and then to a clean reinstall.  For the price of the ransom you can get a new system.
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Admin File Share Access 9 84
Is PCI DSS compliance applicable to site to site VPN 4 121
2008 AD Password hashing algorithm 3 134
Duplicating Encrypted Hard Drive 7 96
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question