Posted 21 May 2015 - 06:33 PM
CryptoWall, Alpha Crypt & TeslaCrypt and some other ransomware infections encrypts data using RSA encryption...Ransom notes typically indicate "All of your files were protected by a strong encryption with RSA-2048."
Are there any file extensions appended to your files...such as .ecc, .ezz, .exx, .CTBL, .CTB2, .XTBL, .encrypted, .vault, .HA3 or 6-7 length extension consisting of random characters?
Did you find any ransom note? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. Check your documents folder for an image the malware typically uses for the background note. Check the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a random named .html, .txt, .png, .bmp, .url file.
.Windows Insider MVP 2017-2018Microsoft MVP Reconnect 2016Microsoft MVP Consumer Security 2007-2015 Member of UNITE, Unified Network of Instructors and Trusted EliminatorsIf I have been helpful & you'd like to consider a donation, click