Cryptowall 3.0 -- Removal

I easily restored from my backup therefore NO big deal.
  ** What RESTORE TOOLS do you recommend if
        someone does not have backup based
        on the below ?
  ** Windows 8.1 machine
  ** running updated Symantec Antivirus and Windows updates
  ** somehow got Cryptowall 3.0 virus
  ** local files are encrypted

dbrunton (Quid, Me Anxius Sum? Illegitimi non carborundum.) Commented:
First, remove the virus using a good anti-virus product.

Second, restore the files from wherever they are backed up to.  If they aren't backed up somewhere then the user may have to chance paying the ransom.  You'll get various comments about that last sentence but if paying the ransom is the last option to recover valuable files then ...  remember it's a chance and there is no guarantee that the decryption key will be sent.

For the later versions of Cryptowall there are NO known decryption methods at present unless you pay.

For lots more information read
** What RESTORE TOOLS do you recommend if
        someone does not have backup based
        on the below ?

None, as they don't exist.

Teach your clients to make backups properly of any data that is important to them. Teach them not to use outdated OS's like XP, and that they must keep their OS and software fully patched. Have them use updated AntiVirus software, and the Windows firewall should never be off. Have them only use standard user accounts when they are logged in, and not accounts with admin rights. If they need to do something that requires admin rights they can always start the program "As Administrator", or UAC should pop up. This makes it a lot harder for unwanted stuff to get installed. Teach them to never open attachments if they aren't expected.

Basically, teach them common sense, and it will be a lot harder to get infected.
Thomas Zucker-Scharff (Solution Guide) Commented:
Yes, but....  More and more I am seeing an uptick in serious malware infections by drive-by methods.  In these cases the user's only mistake may have been to visit a sketchy website (which a good proportion of users do every so often).  If the infection is being spread in this way the user may not realize that they have been redirected to a malware website that looks the same as the one they thought they were on.  The site will download the ransomware.  Before they know what hit them, the dreaded popups start to appear.  Check these out for a further explanation of drive bys.

1. 6 Ways to Defend Against Drive-by Downloads. CIO (2012). at <>
2. How malware works: Anatomy of a drive-by download web attack (Infographic) | Sophos Blog. at <>

Also check out these ransomware articles on EE: 't-be-caught-out.html

I think drive-by is also something where the risks are reduced with proper user education. The user is always the biggest risk of all.
Thomas Zucker-Scharff (Solution Guide) Commented:
I agree, user education is paramount.  Although some things cannot be helped.  I practically grill my wife on proper security practices when using a computer.  She is an ESL teacher and is constantly looking for new relevant material.  One day she visited an ESL site she had probably been to over 100 times and malware was downloaded onto our laptop.  She called me over immediately (luckily it was at night and I was home) and I was able to squash the bug before it had time to do anything.  But the site apparently had malvertising on it.  Malware advertising is not easily caught and it usually takes some time before the website where it is hosted realizes they have been hit.  Since most websites use third party advertising companies and those companies are more easily hacked, malvertising is an easy way for malware writers to gain a foothold.

More recently malvertising has been used to download a trojan onto target computers which then contacts a C&C server that downloads the ransomware payload.