cryptowall (ransomware)


  • This topic is locked
3 replies to this topic

#1 JMonty


Posted 17 June 2015 - 10:12 AM

Guys,

I have a question regarding Cryptowall and external drives. I was working on my neighbor's laptop preparing to do a rebuild by copying off files onto my external USB drive. I copied several GBs of data onto my Seagate USB drive before I noticed that the machine was hit with ransomware/Cryptowall. I had the (3) distinct files in most every root folder. I also went to the URL that it provides and it requested $700 for the decrypt file. I tried to open a password txt file on my external drive that had been copied from the infected machine to see if it was infected and it was unreadable, same with pic files etc. That was stupid thinking about it now but hindsight is 20/20.

 

So my question is: now that I wiped that computer clean, did the ransomware virus attach to my external drive? I have data, client files and ISOs that I would like to keep but not worth infecting my work computer to test. I read a few posts that say Cryptowall can/does infect external drives and others say that you should be fine. I was wondering if I plug USB drive in and delete the folder where all the backup files were without launching any files would the drive be fine or would it possibly infect the computer that I attach it to?

Thanks for your replies!





#2 nasdaq


  • Malware Response Team

Posted 19 June 2015 - 09:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If not already seen, have a look at this topic.
http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information#shares

Quoted.

Once infected the installer will start to scan your computer's drives for data files that it will encrypt. When the infection is scanning your computer it will scan all drive letters on your computer including removable drives, network shares, or even DropBox mappings. In summary, if there is a drive letter on your computer it will be scanned for data files by CryptoWall.


If your USB was not connected at the time of the infection it should not be infected.
The files that were copied to your USB are not malicious.

===
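
A read-only way to check whether files copied from an infected machine were already encrypted, as an added example that is not part of the original thread: it compares each file's leading bytes with the signature expected for its extension, without opening anything in an application. It assumes encrypted files kept their original names and extensions; the `MAGIC` table, the function names and the sample files are constructed for illustration.

```python
import codecs
import pathlib
import tempfile

# Well-known leading bytes for a few common file types.
MAGIC = {
    ".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04",
}

def classify(path):
    """Read only the first 512 bytes and compare them with the extension."""
    ext = pathlib.Path(path).suffix.lower()
    with open(path, "rb") as fh:
        head = fh.read(512)
    if not head:
        return "empty"
    if ext == ".txt":
        if head.startswith((b"\xff\xfe", b"\xfe\xff")):  # UTF-16 BOM
            return "ok"
        try:
            codecs.getincrementaldecoder("utf-8")().decode(head)  # tolerates a cut-off final char
        except UnicodeDecodeError:
            return "suspect"
        return "suspect" if b"\x00" in head else "ok"
    if ext not in MAGIC:
        return "unknown"  # no signature on file for this type, check by other means
    return "ok" if head.startswith(MAGIC[ext]) else "suspect"

def triage(root):
    """Group relative paths under root by classify() result."""
    report = {}
    for p in sorted(pathlib.Path(root).rglob("*")):
        if p.is_file() and not p.is_symlink():
            report.setdefault(classify(p), []).append(p.relative_to(root).as_posix())
    return report

def demo():
    """Constructed sample: two intact files, three with scrambled contents."""
    scrambled = bytes((i * 197 + 13) % 256 for i in range(600))  # stand-in for ciphertext
    samples = {"docs/notes.txt": b"router login: see vault\n",
               "pics/cat.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
               "docs/passwords.txt": scrambled, "pics/dog.jpg": scrambled, "tools/setup.iso": scrambled}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            p = pathlib.Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        return triage(root)
```

A "suspect" result means the header does not match the extension, which also happens with renamed or damaged files, so treat it as a prompt to restore from a known-good copy rather than as proof of encryption.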

#3 JMonty

  • Topic Starter


Posted 19 June 2015 - 07:28 PM

Thanks Nasdaq.  You were correct, I rebuilt the infected laptop and hooked the USB drive up and my files were not encrypted.  Thank you sir!



#4 nasdaq


  • Malware Response Team

Posted 20 June 2015 - 08:21 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



