There are no decryptor tools for CryptoWall, right?

2

Just want to make sure there are no decryptor tools (those that use leaked private keys) for the CryptoWall variation of the virus before we go and do the undoable? And are there any cases of people that paid but didn't get their stuff decrypted?

P.S. I know, I know, but it's not my PC but that of a non-tech-savvy person I know. Of course he didn't do backups either...

user240891

Posted 2015-12-21T13:59:10.537

Reputation: 51

I would try to get the point across not to pay them. There is always a chance you can't get the files decrypted, and if he pays, it's more incentive for them to continue doing it. People need these hard truths to see they need to back up their files, and stop paying the bad guys to make more encryption viruses. Just explain good backup methods to your customer. – dakre18 – 2015-12-21T14:17:31.950

1 You do understand there are multiple variations of CryptoWall itself, right? Some have decryptor tools, most do not; there is not a single variation of CryptoWall. – Ramhound – 2015-12-21T17:25:01.333

Answers

2

To my knowledge, there aren't any working decryptors.

There have been a few private keys leaked - but I have never heard any of these to be working. If they were, it wouldn't take long for the developers to change the keys, recompile and send the software out again.

You may get lucky with some of the leaked keys IF they are genuine and IF your friend's computer is infected with an older version of the virus that uses those keys. The likelihood is very slim though, I'm afraid.

Sorry to be the bearer of bad news.

Your best bet is to rescue what you can (safe mode, boot pen etc to copy whatever is uninfected off the machine) and then do a complete wipe of the machine.

I know some people say there are articles which help you free the machine of the virus (ditching all infected data in the process) - but once a machine is infected - you can never be 100% certain that you've removed all trace of the infection without a full wipe.

Fazer87

Posted 2015-12-21T13:59:10.537

Reputation: 11 177

1 To everyone else having this problem. We PAID the ransom. ($500 in bitcoin) About 6 confirmations later (1 hour) the crooks' site provided decryptor.exe that actually decrypted everything just fine. So they are legit crooks... – user240891 – 2015-12-23T16:12:49.510

Then you were lucky. There are a lot of people out on the net saying that they have paid repeatedly and still haven't been given a working decryptor – Fazer87 – 2015-12-24T08:54:38.577

That is very sad. I looked up briefly but was unable to find any such feedback so went ahead and paid. Just saying for everyone else that will be searching for info. In my case with that variation of the virus. All was fine and uhm "professional" lol – user240891 – 2016-01-04T12:25:27.513