What Do I Do if I have CryptoWall or CryptoLocker?

I am surprised how many people are still calling with CryptoLocker problems.   I have gotten three calls in the past two days from people who have had infected/encrypted Cryptolocker files for as long as three months and they are just now dealing with the issue.  At this point in time I am not even sure paying the ransom will work for victims as the CryptoLocker network was taken down a couple of months ago by international law enforcement and with CryptoWall users only have 30 days to comply with the ransom demands.

So what options do you have if you are like these recent callers?

Here is a great link on this topic from BleepingComputer.com, but in short these are your options:

http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information#decrypt

If your files have become encrypted and you are not going to pay the ransom then there are a few methods you can try to restore your files.

Method 1: Backups

The first and best method is to restore your data from a recent backup. If you have been performing backups, then you should use your backups to restore your data.

Method 2: File Recovery Software

When CryptoWall encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you can use file recovery software such as R-Studio or Photorec to possibly recover some of your original files. It is important to note that the more you use your computer after the files are encrypted the more difficult it will be for file recovery programs to recover the deleted un-encrypted files.

Method 3: Shadow Volume Copies

As a last resort, you can try to restore your files via Shadow Volume Copies. Unfortunately, this infection will attempt to delete any Shadow Volume Copies on your computer, but sometimes it fails to do so and you can use them to restore your files. For more information on how to restore your files via Shadow Volume Copies, please see the link below:

How to restore files encrypted by CryptoWall using Shadow Volume Copies

Method 4: Restore DropBox Folders

If you had your dropbox account mapped as a drive letter then it is possible that its contents were encrypted by CryptoWall. If this is the case you can use the link below to learn how to restore your files.

How to restore files that have been encrypted on DropBox folders

You can always call us at Alvaka Networks if you need some help over the phone or through remote support at 949 430-7285. 

2014-10-13T21:22:18+00:00