You said this infection occurred in 2014. An earlier version of CryptoWall 2.0
left files (ransom notes) named install_tor.url. CryptoWall does not change extensions on a file like many other ransomware infections which encrypts a file and adds an obvious extension to the end of the affected filename.
A repository of all current knowledge regarding CryptoWall, CryptoWall 2.0, CryptoWall 3.0 & CryptoWall 4.0
is provided by Grinler
(aka Lawrence Abrams), in this topic: CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ
Unfortunately at this time there is no fix tool and decryption of CryptoWall files...is impossible
since there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. For a more detailed explanation, read this reply
by Nathan (DecrypterFixer).
The only methods you have of restoring your files is explained in the FAQ: How to restore files encrypted by CryptoWall
...but there is no guarantee that will work. As with most ransomware infections...the best solution for dealing with encrypted data is to restore from backups
. If that is not a viable option, the only other alternative is to save your data as is and wait for a possible breakthrough
...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution so save the encrypted data and wait until that time.
There are ongoing discussions in these topics where you can ask questions and seek further assistance.
Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in one of the above support topic discussions. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.
The BC Staff