
Recovering Files Infected By CryptoLocker Or CryptoWall

December 13th, 2015, 20:35

Is it possible to recover files infected by CryptoLocker or CryptoWall?

Re: Recovering Files Infected By CryptoLocker Or CryptoWall

December 13th, 2015, 21:04

Yes, if you get the decryption key from the criminal who holds it.

Re: Recovering Files Infected By CryptoLocker Or CryptoWall

December 13th, 2015, 21:17

I just got in an encrypted HDD with CryptoWall 3.0. I have hunted around but found no solution.

The douchebag criminals won't be getting any money from us, but the poor guy has lost quite a bit of business and family files. If I was in law enforcement, I wouldn't last long. I would be indicted for first finding these asshats, then imaging all their kit without their knowledge, then infecting them, and everyone else they know, friends, family etc... then outing them as the masterminds of this rubbish and let nature take its course. After a few months, lock up and throw away the key... like they so love to do. When they cry, say: well... it has been 3 days and no payment of the fine... now the key has been melted down.

I know, hypocritical hitting the friends and family, but social justice isn't always pretty...

Be honest, how many of you like that scenario??

Re: Recovering Files Infected By CryptoLocker Or CryptoWall

December 13th, 2015, 21:40

HaQue wrote: Be honest, how many of you like that scenario??

I do :lol:

Re: Recovering Files Infected By CryptoLocker Or CryptoWall

December 13th, 2015, 22:24

How do we know which version is which?

Re: Recovering Files Infected By CryptoLocker Or CryptoWall

December 13th, 2015, 23:31

TerraNova wrote: How do we know which version is which?

The one I have has it displayed in the .gif graphic in each folder that has encrypted files.

I did hear on some InfoSec podcast that they were using a tactic to make one version look like something else as a decoy. But I can't remember specifics. I only have the portable HDD of the victim so they are definitely S.O.L.

Re: Recovering Files Infected By CryptoLocker Or CryptoWall

December 14th, 2015, 5:19

There is no solution for this.
Even agencies with 3 letters cannot do anything. FBI says pay.

http://gizmodo.com/the-fbi-thinks-ranso ... socialflow

Re: Recovering Files Infected By CryptoLocker Or CryptoWall

December 14th, 2015, 5:21

If you find a key.dat file located somewhere in /Appdata, then there might be hope. Usually for files renamed to .vvv or .whatever there is not much hope.

Re: Recovering Files Infected By CryptoLocker Or CryptoWall

December 14th, 2015, 7:16

You could try http://www.passware.com

We have used it only in cases with a password protected document etc and it worked with the brute force attacks.

Good Luck!!

Re: Recovering Files Infected By CryptoLocker Or CryptoWall

December 14th, 2015, 7:29

day1data wrote: You could try http://www.passware.com

We have used it only in cases with a password protected document etc and it worked with the brute force attacks.

Good Luck!!

Great software for legitimate passworded or encrypted files, but not for malware ransomware.

Re: Recovering Files Infected By CryptoLocker Or CryptoWall

December 14th, 2015, 10:46

Good start, HaQue! I have been telling clients to hang onto the data, as in a year or two there is some chance of getting the keys. You must check files, as sometimes you get lucky: one company's QuickBooks files were spared because someone forgot to log out of QB. The bad employee saved the day :). Apparently another client must have shut down a system before the ransomware was done on another case; some items were not yet encrypted. The latest versions of ransomware are near perfect. Versioning backups is now mandatory in business.
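
The check described in the post above (looking for files the ransomware never reached) can be scripted against a read-only copy of the drive. This is an added example, not part of the thread: the signature table, the 7.5 bits/byte entropy threshold and the sample files are assumptions constructed here, and a matching header is only a hint that a file was spared, not proof.

```python
import math
import os
import tempfile
from collections import Counter

# Well-known file signatures; extend for the client's file types.
MAGIC = {".pdf": b"%PDF-", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".zip": b"PK\x03\x04"}

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample=65536):
    """'intact' = header matches extension, 'suspect' = likely encrypted."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:   # read-only: never write to the evidence
        head = fh.read(sample)
    sig = MAGIC.get(ext)
    if sig is not None:
        return "intact" if head.startswith(sig) else "suspect"
    # Unknown extension (e.g. renamed by the malware): fall back to entropy.
    if len(head) >= 4096 and entropy(head) > 7.5:
        return "suspect"
    return "unknown"               # needs a manual look

def triage(root):
    """Walk a mounted image copy and bucket every file."""
    buckets = {"intact": [], "suspect": [], "unknown": []}
    for folder, _, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            buckets[classify(path)].append(os.path.relpath(path, root))
    return {k: sorted(v) for k, v in buckets.items()}

def demo():
    """Constructed sample tree standing in for a partially encrypted volume."""
    samples = {"spared.pdf": b"%PDF-1.4\n" + b"constructed sample\n" * 50,
               "hit.pdf": os.urandom(8192),
               "ledger.vvv": os.urandom(8192),
               "notes.txt": b"constructed plain text\n" * 50}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)
```

Point `triage()` at the mount point of an image copy rather than the original media, then open the files in the `intact` bucket to confirm they are readable.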

Re: Recovering Files Infected By CryptoLocker Or CryptoWall

December 20th, 2015, 21:56

There are 3 softwares for partial data recovery. Everyone knows these softwares.
Sending PM.

Re: Recovering Files Infected By CryptoLocker Or CryptoWall

December 20th, 2015, 23:46

higgsboson wrote: There are 3 softwares for partial data recovery. Everyone knows these softwares.
Sending PM.

What is the reason for only PMing the name of the software? Seems it would be rather helpful to list them publicly.

Re: Recovering Files Infected By CryptoLocker Or CryptoWall

December 23rd, 2015, 3:26

Dear HaQue,
Yes, I totally agree with you. Knowledge must be shared for the benefit of everyone.

However, there could be several end customers among the data recovery specialists.
If I explain / open everything to everyone, then there will be no difference between customers and professionals.
The only difference between them is knowledge, and day by day, thanks to Google, one can get it from the net like I have got it.
Every DR person has some knowledge which he does not share with everyone, and I am sure you are no exception, as ultimately we are not here for pure charity.

Hope you will understand after this long explanation.

Re: Recovering Files Infected By CryptoLocker Or CryptoWall

December 23rd, 2015, 5:37

higgsboson wrote: There are 3 softwares for partial data recovery. Everyone knows these softwares.
Sending PM.

???
For what it's worth, and for a bit of fun, let's try to guess the names of these 3 softwares.

1- Winhex?

Re: Recovering Files Infected By CryptoLocker Or CryptoWall

December 24th, 2015, 5:19

Hey, come on dick.
So far you have given only 1 name, where are the other two? Seems your fun is incomplete.
Like CryptoWall ransomware, I am giving you 80 hours to name the others, else you will FAIL.
Ha Ha Ha. :lol: