?
Solved

how to recover files from crypto wall 2.0

Posted on 2014-11-14
3
Medium Priority
?
3,334 Views
Last Modified: 2014-11-14
My laptop {windows 7 Pro} has the latest crypto malware. All my files {mainly docs and pics} are present but not accessible. When I try to open a doc or pic I get a message about the file possibly being corrupt, or the wrong format. I have tried malwarebytes, and antivirus programs with no success. Windows  "Previous version" nor "System Restore" work. I have also tried copying docs to another pc with no luck.
0
Comment
Question by:roamingtech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 9

Assisted Solution

by:bill_lynch
bill_lynch earned 668 total points
ID: 40442658
Hello,

Unfortunately those files are encrypted and the only way to get them back is either with the key or to restore from a backup.  Paying the ransom is not a desired outcome and there is no guarantee they will give you the key that will decrypt your files, but lots have paid because if the files aren't backed up, unfortunately that may be the only way......good luck!
0
 
LVL 64

Assisted Solution

by:btan
btan earned 664 total points
ID: 40442686
a good guide is from BleepingComputer - of course we want to verify the file are indeed encrypted which I believe you did and (really) the suggested only methods you have of restoring your files is from a backup, file recovery tools, or if your lucky from Shadow Volume Copies. This ver 2 is a tougher nut as it does secure delete

In forum, there are mention to try to decrypt your files with the help of Kaspersky’s RectorDecryptor.exe and RakhniDecryptor.exe. But they were not specially designed to encrypt information that was decrypted by this particular ransomware. Or try Shadow Explorer
0
 
LVL 29

Accepted Solution

by:
Thomas Zucker-Scharff earned 668 total points
ID: 40442689
Bill is 100% correct.  Cryptolocker and its' variants encrypt your files and you either need the decryption key (ransom) or a good backup.  Brute force decryption is possible, but would take way, way, way tooooooo long.  And even if BF worked, there is nothing guaranteeing the files will be completely recovered (although they should be).  How old is your latest backup?

Your best bet on any system with cryptolocker/cryptowall variants is to nuke the system with something like DBAN and then to a clean reinstall.  For the price of the ransom you can get a new system.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question