NEED HELP: all files encrypted by CryptoWall 2.0. (RSA-2048)
According to a txt-message which I found between the attacked files, all my files have been encrypted by RSA-2048 using CryptoWall 2.0 and are being kept hostage until I pay in bit-coins. Meanwhile our IT-department has re-formatted my entire computer and I start from scratch using an older back-up of my drive. However, many files were lost and I still keep those encrypted files on a separate drive hoping to find a solution to make them readable again one day soon. - Can somebody point me to a method to make those files usable again?
November 23rd, 2014 10:32pm

If you do not have a backup of the files you have no option but to pay the ransom. The CryptoWall 2.0 virus is very sophisticated and makes certain that without a backup you have no other choice. Just last week I had a client that had this exact virus and it encrypted over 10,000 files on their server. They were not doing regular backups. I was able to pay the ransom and did get their files back. If you do decide to pay the ransom be aware that there is a date when the ransom will double from $500 to $1000. If you do not pay after that the encryption keys will be deleted from their server and the files are lost for good. There is no program available to decrypt the files but the attackers' decryption version because they hold the encryption keys.

Here is what I did to get the files back.

- Create a bitcoin account and fund it. I used coincafe.com and their support was great. Make sure to buy a little extra bitcoin because the price fluctuates like the stock market and when you go to pay you may not have enough if the price goes down.

- Also know that there is a process they make you go thru to prove your identity so it's not a quick process. I had to go to their bank (Bank of America) and make a cash deposit to their account. They have complete instructions on their website.

- If you are close to the deadline to pay you will need to get it funded quickly and it will cost you extra. I funded mine the same day. $550 worth of bitcoin cost me $675 for same day funding.

- The virus message has an address to send the bitcoin to. In your bitcoin account use this address to send the ransom. By the way, they use bitcoin to pay because it is virtually untraceable.

- When the transfer is complete you will receive a transaction ID. Copy and paste this into the Transaction ID field at the bottom of the ransom note.

- Once the ransom is paid it will take several hours before the payment is confirmed thru bitcoin and the virus senders respond. In my case it was 3.5 hours after I paid. However they did send the link to download a zip file with the unencrypt program and the public and private keys.

Once I ran the program all of the files were recovered. There is no guarantee they will send it to you but I have not read any account where they did not give you the program to unencrypt the files.

- Hope this helps you or anyone else out there with this problem.

November 28th, 2014 8:28am

I found myself dealing with the very same issue, with a friend of mine. Her computer was infected. I ran an antivirus program which indicated there were numerous amounts of malware running rampant on her computer, and I assumed I had eradicated them all. Still the computer was on the ziggety-boom, not functioning correctly at all. To make matters worse, all of her Word documents, PDF docs, photos and videos either could not be opened or read. I saw the encryption notices and took the time to read them. Unfortunately, this was done after completely wiping her drive and reinstalling the OS and software. In essence I completely restored her computer to its original form with the exception of all the files mentioned above. To my horror, I did some research, and found that there are ways to restore the files without paying the ransom. (Do an internet search using CryptoWall 2.0 or RSA 2048; there are several demonstrations on how to remove the registry keys for the virus as well as restoring the files. The only problem that I am aware of is that you cannot have reformatted the hard drive.) Once the drive has been formatted all the data that might restore the documents is gone. Visit YouTube for instructional videos on the virus removal and file restoration. For me it is too late; maybe this tidbit of info can help someone avoid becoming a victim.

The more I think I know computers, the more I know that I don't!

   
November 30th, 2014 7:13pm

I paid $560 using bitcoin like 18 hours ago. Could you please let me know when they send you the link, and under what title it arrives? Please advise.
April 3rd, 2015 11:45am

This topic is archived. No further replies will be accepted.
