[Inactive] Cryptowall 3.0 removal??
Results 1 to 2 of 2

Thread: [Inactive] Cryptowall 3.0 removal??

  1. January 31st, 2015, 06:17 PM #1
    MPTech's Avatar
    MPTech
    MPTech is offline Virtual PC Surgeon!
    Join Date
    Jan 1999
    Location
    St. Louis, Mo. USA
    Posts
    1,427

    [Inactive] Cryptowall 3.0 removal??

    This is annoying, but I thought I would try to help anyway.

    A co-worker of my wife's, husband called me (yeah never talked to the guy before in my life, but he calls asking for help). He's a cop and served several duties as an MP in IRAQ and other bad places. I do appreciate his service!

    So he tells me that he has a laptop and external HDD that have been infected with Cryptowall 3.0 (ransomware), that has encrypted all of his files and he cannot open any of them. He also tells me that he has personal, law enforcement, and military files on them(?) He explained that a message is popping up, requesting $500 within 30 days or his files will be permanently encrypted and useless. He also said that he tried connecting the external HDD to another PC, and was still not able to open them.

    THEN he tells me that he's given the laptop and HDD to a Professional PC guys that specializes in removing Viruses, etc. (??)
    THEN he asks me what he should do!!?? (remember he's already given it to a "Professional")
    (I explained that I am totally unfamiliar with this particular virus, but I'd do some research and ask on this forum)

    I really don't know what he wants me to do at this point (all I have is what he told me over the phone and I do not have his laptop or external HDD)

    Anyone know about this? I've done a couple searches and Malwarebytes claims they can remove it, but the files would need to be restored from backups (which I don't know if he has).
    Removal instructions for Cryptowalll/

    Here's a Youtube video showing how to pay in Bitcoin ($500 initially, $1000 if you wait longer):


    Best I can tell, the files are not recoverable.
    WinXP/98 dualboot - P4 2.4b 533FSB
    Asus P4PE/L MoBo
    512MB Corsair DDR PC2700
    HDD1 - 160gig Seagate HDD2 - 60gig Maxtor
    Antec SOHO File Server w/400 watt PSU
    Reply With Quote Reply With Quote
  2. January 31st, 2015, 07:13 PM #2
    Broni's Avatar
    Broni
    Broni is offline Friend of Site Staff
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Unfortunately bad news unless he has some backup.

    Is it possible to decrypt files encrypted by CryptoWall? Unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom on the CryptoWall Decryption Service. Brute forcing the decryption key is not realistic due to the length of time required to break an RSA encryption key. Also any decryption tools that have been released by various companies will not work with this infection. The only methods you have of restoring your files is from a backup, file recovery tools, or if your lucky from Shadow Volume Copies.

    From: http://www.bleepingcomputer.com/viru...re-information
    My Home Page
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules