Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Cryptowall 3.0 Ransomware

  • This topic is locked This topic is locked
2 replies to this topic

#1 David1974


  • Members
  • 1 posts
  • Local time:09:58 AM

Posted 06 April 2015 - 06:40 AM

Hi all, I have been infected by what claims to be cryptowall 3. I was using an xp computer at the time. Quite a few very important files were infected, most were ok on backup but I tried using decryptolocker.com on a sample infected file but it says " The file does not seem to be infected by CryptoLocker. Please submit a CryptoLocker infected file.

Is there anyone here that might have a possible solution as I couldn't afford the €500 ransom.





BC AdBot (Login to Remove)


#2 Aura


    Bleepin' Special Ops

  • Malware Response Team
  • 19,683 posts
  • Gender:Male
  • Local time:04:58 AM

Posted 06 April 2015 - 06:59 AM

Hi David1974 :)

The online service "Decrypt CryptoLocker", by FireEye and Fox IT can only be used to decrypt files that were encrypted by the original Cryptoware, CryptoLocker. This is possible because during the Operation Tovar that was used to shut down the GameOver ZeuS botnet, which was used to distribute CryptoLocker, they seized servers were the private keys used for encryption were uploaded to. After that, they set up the DecryptCryptolocker.com website that allows you to upload a CryptoLocker encrypted file and it'll test it against the 50,000 private keys they retrieved from the server to see if one matches your file private key. If it does, they'll send you a decrypter executable along with your private key. Therefore, files encrypted by any other Cryptoware other than CryptoLocker cannot be decrypted via this service.

Also, there's only 3 ways to get your files back when you get infected with CryptoWall 3:
  • Restore them using the Shadow Volume Copy service, which was probably deleted during the infection;
  • Restore them from a back up you took prior to the infection;
  • Restore them by paying then ransom;
If the first and second options aren't available to you, the only one left will be the third one sadly. CryptoWall files cannot be decrypted, like Nathan explains i n the following post. You can visit the support threads created for the CryptoWall infection and ask for assistance there and also give the CryptoWall FAQ a look.

Support threads:FAQ:

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.

#3 hamluis



  • Moderator
  • 56,290 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:58 AM

Posted 06 April 2015 - 07:12 AM

Please...see comments by quietman7 at CryptoWall Advisement - http://www.bleepingcomputer.com/forums/t/565279/hit-with-cyptowall-please-help/?p=3614936 .


This topic is now closed to avoid confusion.



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users