CryptoWall

NetworkNewb Member Posts: 3,298
Anyone been hit with the CryptoWall 3.0 ransomware? Got a user who has it and they had a lot of data on their computer. From what I've found online there doesn't seem to be a fix for it, but figured I'd throw the question out on here!

They are debating on paying the $700 ransom in hopes they can decrypt their data right now...

Comments

  • cyberguypr Mod Posts: 6,928
    Infosec Pro: "Easy, format and restore from the latest backup"
    User: "(insert long silence here...)"

    Is this a case of not having backups in place or the user bypassing processes and not keeping data in the right location?
  • NetworkNewb Member Posts: 3,298
    Yea, saving a lot of important documents in a place they shouldn't have been...
  • J_86 Member Posts: 262
    There is no fix for Cryptowall. The data is encrypted.
    When I worked for an MSP, we had this happen ALL the time in the last several months. We never recommended people pay the ransom; you are risking losing the money and not even being able to recover any data. With that being said, we did have one customer pay the ransom on their own (backups were not running correctly) and they were able to get the data. They ended up paying about $800.

    They called us the next day and wanted to implement all of the backup recommendations we made to them several months before.
  • NetworkNewb Member Posts: 3,298
    Yea, I've told him that everything is encrypted and the only way he is going to see it is if he pays the ransom. And have let him know that there is a chance that you still might not get the data back even after you pay. But it's an upper management guy who stored a ton of documents on his desktop, pretty sure he is planning on paying the $700.

    I actually think he still thinks I'm going to magically find a way to decrypt it despite me telling him it is impossible....
  • markulous Member Posts: 2,394
    Yes, I had that recently for a user. Luckily, he wasn't in the office (he was remote) so it didn't spread to their network.

    I ended up just getting him a new machine sent to him. You can remove the malware itself, but you aren't going to decrypt any files.

    And as far as the money goes...I've heard good things about getting everything decrypted after payment. The user I had didn't have a ton of stuff of value on there and had Mozy installed doing daily backups, so of course he didn't pay anything. But they kind of have to have a good rep to decrypt your stuff, otherwise no one would pay and they would lose money.
  • NetworkNewb Member Posts: 3,298
    Think I may have found something that helps, ShadowExplorer (ShadowExplorer.com - About). It's actually finding a lot of usable files. They might not be the last version of the file but if someone gets this ransomware and wants to save a bunch of money and still have some of their files I recommend this!