Cryptolocker/Cryptowall infection - data recovery?

  • This topic is locked

#1 rsakuma



Posted 14 October 2014 - 02:58 PM

A customer just called me and quoted the Cryptolocker/Cryptowall ransom note. While I am well versed in computer repair and virus removal, this is a whole new barrel of fish for me. So I would like some help recovering the data.
THE SITUATION: Older desktop, unknown security. Massive spy/virus infection suspected from complaints of popups and search hijacks.
Left computer on at 6pm PST last night. Came back to Cryptolocker script. No idea how long it has been on there, but I'm suspecting it has been for a while so the volume shadow copy service is probably not a viable solution. She does have Dropbox, but I doubt it has been used.
THE PROBLEM: We are not sure if she has a backup. When asked if she had an external hard drive, she responded "what, like a zip drive?" leading me to think that if any backups exist they're probably just individual files on a thumb drive.
THE PROCESS: We need to recover the encrypted data into an un-encrypted form, and transfer it to a new computer.
I am asking for help, since last time I went ahead and tried to remove a new/not well documented infection on my own, I ended up triggering zeroaccess and butchering the TCP/IP stack.

Edit: Moved topic from "Am I infected? What do I do?" to the more appropriate forum. ~ Animal



#2 Animal



Posted 14 October 2014 - 03:02 PM

A repository of all current knowledge regarding Cryptolocker is provided by Grinler (aka Lawrence Abrams), in this tutorial: CryptoLocker Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CryptoLocker Ransomware does and provide information for how to deal with it and possibly recover your data.

There is also a lengthy ongoing discussion in this topic: Cryptolocker Hijack program. Since this infection is so widespread, rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

If you only need removal instructions, refer to Malwarebytes Anti-Malware Removal instructions for CryptoLocker.

The BC Staff

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)

A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)

"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)
