CryptoWall Malware / Ransomware

The CryptoWall ransomware (and programs like it) has been around for a long time.

Getting infected with CryptoWall can be a very scary, damaging, and even costly experience. CryptoWall is a type of malware called ransomware, literally holding your files for ransom and demanding $500 for their release.

If you’ve been infected by CryptoWall (or would like to learn how to avoid such a situation), read on.

What is CryptoWall?

CryptoWall is a Trojan horse malware program that usually enters your computer by pretending to be something it’s not in an email attachment. The attachment usually claims to be something business related or time-sensitive—opening it results in the infection of your system.

Once CryptoWall infects a system, it sets out encrypting all of the files that it can find.

CryptoWall indiscriminately encrypts, hides, and deletes all types of files, including pictures of loved ones or important documents. The program’s developers don’t want to waste resources storing your files on their own servers, so the encrypted files are simply moved into your computer’s registry.

The solution that the malware offers you is to fork over $500 for decryption software and a decryption key in order to restore your files. It also presents you with an ultimatum: pay within a number of days or the price goes up.

Can I get my files back?


Paying the Ransom

If you’re willing to fork over the $500 (or whatever the number has increased to since infection), then the answer is yes. The decryption service reportedly works, though you may have trouble exchanging your $500 for the required currency, Bitcoin.

Keep in mind that even if you do pay and get your files back, you’re not safe from the same attack in the future. The malware does not know or care that you have been infected in the past; it simply infects whatever it comes into contact with. Taking preventative measures is an absolute necessity.

Avoiding Payment

If you’re unwilling to give into the demands of an anonymous thief, you may still be able to recover your files. Getting your files back depends on a number of factors, including whether or not the malware was successful in its attempts to delete your computer’s local backups.

If you have your files backed up on another hard drive, getting (at least most of) your files back is as simple as deleting the malware and copying the files back to your computer.

What do I do?

The first thing to do is to remove the malware by booting your computer in Safe Mode and running some malware removal software. Depending on your version of Windows, getting into Safe Mode can be slightly different—search for “Safe Mode” and your Windows version to find a number of helpful guides.

After you’ve performed a scan for malware, you can attempt to use Windows’ System Restore functionality to roll your computer back to a previously saved version that still contains your files.

Unfortunately, CryptoWall’s creators thought of this too and developed a way to delete what are called the Shadow Volume Copies. These are previous versions of documents that Windows uses to restore files to your computer. Sometimes the malware deletes all of them, sometimes only some, and sometimes it fails completely, so restoration is worth a try.

Bleepingcomputer.com has a guide on using Shadow Volume Copies and some powerful software to restore your files, if possible.
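As an added example that is not part of the original post, here is a PowerShell check (run from an elevated prompt after the malware has been removed) that reports which drives still have Shadow Volume Copies, so you know whether the restore step above is worth attempting. The two CIM classes are standard Windows ones; the report layout is ours.

```powershell
# Added example, not code from the original post: report, per drive letter,
# whether Volume Shadow Copies still exist before trying System Restore or
# "Previous Versions" recovery. CryptoWall tries to delete these, so the count
# tells you whether that recovery path is worth attempting. Run in an elevated
# PowerShell prompt after the malware has been removed. Win32_Volume and
# Win32_ShadowCopy are standard WMI/CIM classes; the report layout is ours.

$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)

$report = Get-CimInstance -ClassName Win32_Volume |
    Where-Object { $_.DriveLetter } |
    ForEach-Object {
        $vol = $_
        # Win32_ShadowCopy.VolumeName carries the same \\?\Volume{GUID}\ id
        # that Win32_Volume exposes as DeviceID, so match on that.
        $mine = @($shadows | Where-Object { $_.VolumeName -eq $vol.DeviceID })
        $newest = if ($mine) {
            ($mine | Sort-Object InstallDate | Select-Object -Last 1).InstallDate
        } else { $null }
        [pscustomobject]@{
            Drive        = $vol.DriveLetter
            ShadowCopies = $mine.Count
            NewestCopy   = $newest
        }
    }

$report | Format-Table -AutoSize

# Drives with zero copies cannot be rolled back this way; restore them from an
# external or cloud backup instead.
$lost = $report | Where-Object { $_.ShadowCopies -eq 0 }
if ($lost) {
    Write-Warning ("No shadow copies on: " + (@($lost.Drive) -join ', ') +
        ". Use your external/cloud backup for these volumes.")
}
```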

Can I decrypt my files?

Unfortunately, no. Your files have been encrypted using 2048-bit RSA encryption. To break such encryption, an average computer would need to spend around 6 quadrillion years making attempts.

How can I avoid CryptoWall?

The simplest and most effective method to avoid the damaging effects of CryptoWall is to back up your data regularly.

Local and Cloud-based Backup

If you have your files in a place other than your computer’s hard drive, CryptoWall has no power over you. You can simply remove the malware and restore your files to their original states.

Local and cloud-based data backups are equally effective countermeasures against data loss. Setting up a backup system with a retention period is key to avoiding disastrous incidents.

If you have no backup of your most important and most cherished files, we can’t stress enough how important it is to back up now.

Data loss isn’t just something that happens to other people or other businesses—it can happen for a great number of reasons and it will happen to you eventually. When it does happen, avoid the emotional and financial toll by being prepared.

Other Methods of Prevention

Other than backing up your files, there are a few other methods to prevent CryptoWall from hijacking your files. They require some setup, but can be extremely effective. Bleepingcomputer.com offers a great breakdown of the known prevention methods.

West County can Help

West County has been helping businesses everywhere back up and keep their data secure for years. If your business isn’t backing up its data, you’re running a serious risk. Data loss can be one of the most financially damaging, time-consuming events a company can ever face.

If you’re interested in either local or cloud-based data backup and business resumption services, give us a call today or fill out the form below.
