Infected By Cryptowall, My Documents And Pictures Are Encrypted.

Hallo

Does any one know of anything at all that could get my files back? Recovery software that may work? I do not have a recent back up and my shadow copies appear to have gone.

I attack a .png

 

Sorry, I posted this in the wrong forum, can you please send it to software?

 

tadpole...

Take a look at this:

http://www.pcworld.com/article/2084002/how-to-rescue-your-pc-from-ransomware.html

 

Hi AtlBo

Thanks for that link. Unfortunately non of the file recovery tips helped as they have deleted my shadow copies and prior system restore points. From what I have read about cryptowall, it encrypts each file, and deletes the original(I was hoping un encrypted) I also followed the instructions in this link http://deletemalware.blogspot.co.za/2015/05/how-to-remove-locker-virus-and-restore.html. After following it I downloaded and ran lockerUnlocker.exe but it said I it found no key and I may not be infected by cryptowall. Now I wonder if removing the malware also removed the key.

 

What are the file extensions of the encrypted files?

 

They appear to be .txt, .doc, .xls, .pdf, and jpeg.

 

When a file is encrypted, the file extension is usually changed.
Double-check.
Kaspersky has released software to decrypt files that have been encrypted with Coinvault and Bitcryptor ransomware.

 

Sorry, I thought you meant what file extensions of the original files were encrypted. Here is an example of a few that were encrypted.

.1pt
.e8
.6i
.2fw
.33hq

They have used multiple extensions. I will look at kapersky, thanks.

 

Here's the link to the Kaspersky software.
http://www.majorgeeks.com/files/details/kaspersky_coinvaultdecryptor_tool.html

And here's one from Panda.
https://www.technibble.com/panda-ransomware-decrypt-tool-restore-encrypted-files/

 

Thanks for the link.

The ransomware authors in this case have been arrested and all existing keys have been added to the database. Read more at: https://tr.im/w1yVE Does this mean it will only work for coinvault and bitcryptors? I don't see any mention of cryptowall? On trying to run one of these tools, it is telling me to find : filelist.cvlst which I do not appear to have.

 

You posted...

That's why I recommended the other tools.

Here's a list of tools.
https://prevexp.wordpress.com/2014/...cted-by-known-encrypting-ransom-ware-viruses/

Edit:
I had another look at your screenshot.
Your files have indeed been encrypted with CryptoWall.
There's currently no decryption tool available.

 

Thanks

 

tadpole...

According to this, there might be a little hope:

http://www.bleepingcomputer.com/for...freely-available-for-victims-of-cryptolocker/

I visited the referenced site, and it has been decommissioned due to the large number of copycat cryptowall versions that cannot be decrypted at the present time. They claim to have helped over 5,000 people and small businesses get their files back. At least it proves that it may be possible at some point in the future to decrypt your files.

 

Thanks AtlBo, I will just have to wait and hpe for the best!

 

AltBo,
I just visit the site and clicked on this link.
https://www.decryptcryptolocker.com/
There's no option to upload the encrypted files.
Your thoughts?

 

I tried going to fireEye.com in the hope of finding somewhere there to upload the files, but could not find anywhere. I do have the criminals bitcoin address, but have no idea where to send it.

 

Send it to Kaspersky Lab.
Here's the contact information in South Africa.
http://www.kaspersky.co.za/about/contactinfo/

 

Thanks for the link.

 

Eldon...

Yeah I saw that. Reading the text, the site was apparently decommissioned due to the large number of copycat attacks where the decryption keys had not been yet obtained.

I imagine they turned over the responsibilities of helping others with crytolocker to Kaspersky or some other a-v company. Probably is a pretty good amount of work going on behind the scenes to track down the criminals and the get the keys for the more current undecryptable versions.