I have a situation. A customer of mine (I work for an IT company) got hit with CryptoWall 2.0. All local files, plus files on their server that were mapped to a drive, were encrypted.
Regarding the server files: we were able to recover from backup (yeah!)
Regarding local PC files: We had to resort to paying the $500 ransom. So we did. Later, we ran the decrypt program, which included both public and private keys in the package. It went about (or so we thought) decrypting thousands of files. It took hours.
When I checked the next day, NONE of the files were decrypted! And the decrypt.exe file, when run again, now gives an error message:
"The version of this file is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need an x86 or x64 version of the program..."
So my effort to re-run the decrypt has failed (I tried all sorts of compatibility fixes).
It appears that not only did the first decrypt run not decrypt anything, but the author then sabotaged the program!
If I go back to my "personal TOR homepage", it now simply says "the keys cannot be found." I have no way of contacting the author.
ANY thoughts about how to recover? I do have the public and private keys, though no application to decrypt.
Help greatly appreciated!