Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Companies claiming they can decrypt Cryptowall files - is this true?

  • Please log in to reply
3 replies to this topic

#1 Minette


  • Members
  • 7 posts
  • Local time:08:15 AM

Posted 11 November 2015 - 09:51 AM

Hi all, I found these 3 companies on the internet who claimed that they could decrypt Cryptowall 3 encrypted files. Everywhere else on forums, it states that no one can yet decrypt these files. I emailed one of the companies below, and was quoted $3000 to decrypt my files, which is more than 4 times as much as the "ceyminals" want as ransom. Does anyone know of any other companies who can decrypt cryptowall files for a reasonable amount?

BC AdBot (Login to Remove)


#2 Sintharius


    Bleepin' Sniper

  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:15 PM

Posted 11 November 2015 - 09:56 AM

Hello there,

My thought is that those companies do not actually decrypt your data - instead they use your money to pay the ransom, then take the rest as profit. (White Hat Mike summed it up here.)

Currently there are no possible solutions for CryptoWall if you do not have a backup and recovery tools did not work. It's either paying the ransom or wait for a change in the future.

#3 Aura


    Bleepin' Special Ops

  • Malware Response Team
  • 19,697 posts
  • Gender:Male
  • Local time:08:15 AM

Posted 11 November 2015 - 10:04 AM

Is it me, or RedMosquito and ProvenDataRecovery are using the same screenshots and same texts (copy/paste)? Seems phishy to me.

Also, ProvenDataRecovery isn't very responsive...


Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.

#4 Gorbulan


  • Members
  • 832 posts
  • Local time:06:15 AM

Posted 11 November 2015 - 10:47 AM

Provendatarecovery and Redmosquito have very similar websites, they appear to copy and paste a lot. That is not a good sign. Proven also has a chat window that appears automatically, also not a good sign. I have a feeling Redmosquito and Provendatarecovery are, or are owned by, the same company.



Also, ProvenDataRecovery isn't very responsive...


I bet it is totally fake. It is there to imply they have customer service that cares about you. It is more personal to have chat window than an ordinary message system, like a help desk.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users