Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


cryptowall 3.0

  • This topic is locked This topic is locked
1 reply to this topic

#1 SirFrancis


  • Members
  • 7 posts
  • Local time:11:40 AM

Posted 22 July 2018 - 02:09 PM



       All the data files on my brother's computer were encrypted by a ransom virus sometime around


the time  of March 2015. They all had and still have a file extension of .ECC. The ransom note wasn't


paid and I had the virus removed. The ransom note that accompanied the files said "All of your files


were protected by a strong encryption with RSA  2048 using Cryptowall 3.0."



       The problem now is getting the files decrypted so I can restore their original state and see just what


they are. Virtually everyone I have spoken to so far has been pessimistic.





Edited by hamluis, 22 July 2018 - 02:55 PM.
Moved from Introductions to Ransomware - Hamluis.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,768 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:40 AM

Posted 30 July 2018 - 11:10 AM


We can only help with .ecc files if you have the extra text file that has the data needed to determine the key. Even the criminals would not have been able to get your key back without it.

In order to recover the decryption key for your files, we need to recover the PrivateKeyBC or PrivateKeyFile, but we first need to determine the corresponding shared secrets and public keys. This information can be obtained from one of the following sources:

Recovery file (RECOVERY_KEY.TXT, RECOVERY_FILE.TXT, recovery_file_*.txt, recover_file_*.txt located in your documents folder)
Tesla's data file (key.dat*)
* key.dat information:

636 and 648 bytes long key.dat doesn't contain ECDH so they are not supported in TeslaViewer.
656 bytes long key.dat is a hybrid version and it is supported in TeslaViewer if the content is valid. (This data file should be manually checked. Please contact BloodDolly via PM on BleepingComputer.com.)
752 bytes long key.dat is supported in TeslaViewer.

Post #5727

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in that support topic discussion. To avoid unnecessary confusion, this topic is closed.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users