Crypto wall tools to try and brute force decryption

Posted on 2014-11-17
Last Modified: 2014-12-02
Ok have a friend who's pics have been encrypted by crypto wall. Anyone know of a utility I can run on the files to try brute force decryption? I am attempting a disk recovery hoping the original felted files may still be on the drive somewhere!
Question by:georgopanos
  • 2
  • 2
  • 2
LVL 62

Expert Comment

ID: 40447343
Quite a guide information update in BleedingComputer worth checking out for recovery that may help but do verify that the file are indeed encrypted.  Actually brute forcing the decryption key is not pragmatic as strong crypto key is already employed. Do assess if recovery is possible and not succumb to payment ... but if data are indeed lost the only practical means to get back is the ransom which i do discourage as the attacker may play foul is catch-22

Just for info, in the case for Cryptolocker early genre, there is online service (e.g. FireEye shared the online mechanism) though it is not warrant to decrypt all as they have only limited decryption key archived from their research..

Author Comment

ID: 40447907
I already uploaded the file to Fireeye and it is not a file done by cryptolocker. It is done by Cryptowall. So they cannot do anything! They don';t have a backup and Shadow was not enabled.

I was hoping there would be a tool to at least let it run for a few days a give it a shot to try and decrypt. If there is anything let me know so I can give it a try,
LVL 53

Expert Comment

ID: 40448319
Unless you think the encryption is faked, it is useless to try it. The key in use is too strong to be brute-forced in reasonable time.
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.


Author Comment

ID: 40448529
Ok, I understand that may be so, but as a learning experience can you humor me and point me in a direction for what tool I could use to attempt it! I would greatly appreciate it! The data is not needed tomorrow so this is a learning experience!
LVL 53

Accepted Solution

McKnife earned 250 total points
ID: 40448548
You cannot use a generic tool but you would have to Google for a reverse engineered version of their Virus (which is not only an encryptor but a decryptor). I am not sure such a thing even exists.
LVL 62

Assisted Solution

btan earned 250 total points
ID: 40448791
no open tool to break RSA keys, you need great horsepower which for learning is not worth and none (except researcher) has ventured into that. The online service from security folks also is not really doing the brute forcing except they are trying out with a bunch of key list they gotten. there are other brute force tools like hashcat and like but they are based on dictionary or even some using rainbow table. But all these is out of the Cryptowall context.

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IT Security & information risks with using Altova toolkits 11 91
Security training 4 57
Why isn't object file created? 6 43
SharePoint Online Security 5 49
Encryption for Business Encryption ( ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
Sending a Secure fax is easy with eFax Corporate ( First, just open a new email message. In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now