Endpoint Protection

  • 1.  CRYPTOWALL ENCRYPTED FILES

    Posted May 13, 2015 09:22 AM

    I have a client who WAS infected with the CryptoWall virus which encrypted all of their Word / Excel / Picture files!  I have been searching for an organization that may have the expertise to DECRYPT these files without success!  

    Does anyone know of a company?  (will not pay the ransom so that option is off of the table)

    Thanks,  Russ



  • 2.  RE: CRYPTOWALL ENCRYPTED FILES

    Posted May 13, 2015 09:27 AM

    If a newer version, decryption won't be possible. It uses unbreakable encryption.

    For older versions you could try this:

    https://www.decryptcryptolocker.com/



  • 3.  RE: CRYPTOWALL ENCRYPTED FILES

    Posted May 13, 2015 02:22 PM

    You could check this article:

    http://blogs.cisco.com/security/talos/teslacrypt?f_l=s

    A healthy backup would be the most effective way.



  • 4.  RE: CRYPTOWALL ENCRYPTED FILES

    Posted May 14, 2015 04:07 AM

    Hi Russ,

    Restoring from a known good backup is the only option.  Do not pay the ransom!

    Recovering Ransomlocked Files Using Built-In Windows Tools

    https://www-secure.symantec.com/connect/articles/recovering-ransomlocked-files-using-built-windows-tools

     

    Support Perspective: CTB-Locker and other forms of Crypto malware

    https://www-secure.symantec.com/connect/blogs/support-perspective-ctb-locker-and-other-forms-crypto-malware

    Ransomcrypt: A Thriving Menace (aka Cryptolocker: A Thriving Menace)

    https://www-secure.symantec.com/connect/blogs/ransomcrypt-thriving-menace   

     

    Cryptolocker Q&A: Menace of the Year

    https://www-secure.symantec.com/connect/blogs/cryptolocker-qa-menace-year   

     

    First Response to: Cryptolocker \ Ransomcrypt\ Encryptor

    https://www-secure.symantec.com/connect/articles/first-response-cryptolocker-ransomcrypt-encryptor

     

    Also:

    The Day After: Necessary Steps after a Virus Outbreak

    https://www-secure.symantec.com/connect/articles/day-after-necessary-steps-after-virus-outbreak

     

    And:

    A good public Connect forum thread on how to protect yourself: https://www-secure.symantec.com/connect/forums/cryptolockercryptodefense-defenses

     

    Mick



  • 5.  RE: CRYPTOWALL ENCRYPTED FILES

    Trusted Advisor
    Posted May 15, 2015 04:08 AM

    Hello,

    This is a new evolution of Trojan.Cryptodefense that has been around for a few months. Here is our write-up for it:

    Trojan.Cryptowall
    http://www.symantec.com/security_response/writeup.jsp?docid=2014-061923-2824-99

    See also this thread: https://www-secure.symantec.com/connect/forums/i-have-virus-cryptowall

    This one arrives mostly through drive-by downloads. Here's a video:

    Symantec Guide to Scary Internet Stuff - No 4 Drive-by downloads
    https://www.youtube.com/watch?v=J0QXD2ts4Qc

    Every day brings new variants of cryptolockers - keep AV, IPS and other protection up-to-date. Keep browsers and browser plugins patched. These resources might help:

    There's no way to decrypt the sabotaged files, unfortunately - restore from a known-good backup.

    Please do keep this thread up to date in case there is any extra data you need, or do mark it completed if this has answered your question. Many thanks!!



  • 6.  RE: CRYPTOWALL ENCRYPTED FILES

    Posted May 21, 2015 07:53 AM

    Just checked in and found all of your input and will proceed in reviewing each one in due time!

    Thanks for your assistance in this matter...

    Russ



  • 7.  RE: CRYPTOWALL ENCRYPTED FILES
    Best Answer

    Posted May 22, 2015 06:30 AM

    Cheers Russ!

    If time allows, please do mark the thread as "solved" for the benefit of future admins with the same question.  ("Solved" threads are indexed in search results, whereas "needs solution" threads are not.)

    With thanks and best regards,

    Mick

     



  • 8.  RE: CRYPTOWALL ENCRYPTED FILES

    Posted May 22, 2015 08:39 AM

    Please mark an actual solution here.



  • 9.  RE: CRYPTOWALL ENCRYPTED FILES

    Posted May 22, 2015 08:49 AM

    There is no solution offered at this point and it appears as though there will be no solution!

     

    Thanks,

    Russ



  • 10.  RE: CRYPTOWALL ENCRYPTED FILES

    Posted May 22, 2015 08:53 AM

    Then no post should be marked if you feel no solution is possible.

    To sum it up, cryptolocker uses unbreakable encryption. Your only two options to get the data back are to pay the ransom (do not for a variety of reasons) or restore from a known good backup.