Solved

Crypto wall tools to try and brute force decryption

Posted on 2014-11-17
6
1,837 Views
Last Modified: 2014-12-02
Ok have a friend who's pics have been encrypted by crypto wall. Anyone know of a utility I can run on the files to try brute force decryption? I am attempting a disk recovery hoping the original felted files may still be on the drive somewhere!
0
Comment
Question by:georgopanos
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 64

Expert Comment

by:btan
ID: 40447343
Quite a guide information update in BleedingComputer worth checking out for recovery that may help but do verify that the file are indeed encrypted.  Actually brute forcing the decryption key is not pragmatic as strong crypto key is already employed. Do assess if recovery is possible and not succumb to payment ... but if data are indeed lost the only practical means to get back is the ransom which i do discourage as the attacker may play foul too...it is catch-22

http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

Just for info, in the case for Cryptolocker early genre, there is online service (e.g. FireEye shared the online mechanism) though it is not warrant to decrypt all as they have only limited decryption key archived from their research..
0
 

Author Comment

by:georgopanos
ID: 40447907
I already uploaded the file to Fireeye and it is not a file done by cryptolocker. It is done by Cryptowall. So they cannot do anything! They don';t have a backup and Shadow was not enabled.

I was hoping there would be a tool to at least let it run for a few days a give it a shot to try and decrypt. If there is anything let me know so I can give it a try,
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40448319
Unless you think the encryption is faked, it is useless to try it. The key in use is too strong to be brute-forced in reasonable time.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:georgopanos
ID: 40448529
Ok, I understand that may be so, but as a learning experience can you humor me and point me in a direction for what tool I could use to attempt it! I would greatly appreciate it! The data is not needed tomorrow so this is a learning experience!
0
 
LVL 55

Accepted Solution

by:
McKnife earned 250 total points
ID: 40448548
You cannot use a generic tool but you would have to Google for a reverse engineered version of their Virus (which is not only an encryptor but a decryptor). I am not sure such a thing even exists.
0
 
LVL 64

Assisted Solution

by:btan
btan earned 250 total points
ID: 40448791
no open tool to break RSA keys, you need great horsepower which for learning is not worth and none (except researcher) has ventured into that. The online service from security folks also is not really doing the brute forcing except they are trying out with a bunch of key list they gotten. there are other brute force tools like hashcat and like but they are based on dictionary or even some using rainbow table. But all these is out of the Cryptowall context.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question