EvilZone
Community => General discussion => : bclankford June 23, 2015, 08:30:44 PM
-
So I did a search and didn't see anything on the forums. I was trying to help someone with CryptoWall and figured I would ask the pros. A quickbooks file was encrypted and they really need it, so of course paying the ransom money is an option. No backups were pointed to the quickbooks file and shadow copies were never enabled..lol. Is there any other way you guys know of to restore an encrypted file? The quickbooks file was too large to get decrypted with the free file unlock. lol I didn't know where this thread would be best placed, so please move it if there is a better location. Thanks in advance.
-
Pay the ransom, try harder next time.
Even if we lived in a magical world where ransomware used weak encryption algorithms and even weaker keys, it would likely still take weeks, months, or centuries to bruteforce with great hardware. I assume your friend needs the document "now" or "soon."
I think the best advise you can give folks is to have a bitcoin wallet up and running. It sometimes takes people many days of research just to figure out how bitcoin works, which means even people willing to pay ransom won't be able to do it in time (7 days).
-
Pretty sure the first mistake any new computer user makes is learning ... back up, back up, back up.
Its kinda important, like wearing a seat belt.
-
You have not much options with CryptoWall. It secure deletes the files and also shadow volume copies. But just in case it failed with secure deletion you could try file recovery software.
I can recommend:
R-Studio: http://www.r-studio.com/
Photorec: http://www.cgsecurity.org/wiki/PhotoRec
If that fails (the success chance is low), please backup the encrypted files and at least a few of the ransom notes. You might be able to decrypt the file some time in the future and then you will need them.