AR15.COM
7/29/2015 1:24:30 PM EDT
Is there any way to decrypt the files?  Yes, we have backups, but someone decided to keep files in an un-backed-up location even though we warn them every time they log in.  I have searched but can't find anything, but figured I would ask just in case.
7/29/2015 3:12:01 PM EDT
[#1]
Depends on what iteration of the infection you have. Some of the C&C servers for early variations were seized and the private keys extracted. With newer variants it's not possible at all without the private key.  Either case should be handled by a professional; your user is basically boned.
7/29/2015 3:25:55 PM EDT
[#2]
Could someone explain to those of us who are ignorant, but interested, just what the fuck is going on here?

Thanks.
7/29/2015 3:55:22 PM EDT
[#3]
Quoted:  Could someone explain to those of us who are ignorant, but interested, just what the fuck is going on here?

Thanks.

One of OP's users didn't back up their files.  Then their PC got hijacked, and all of the files are either encrypted or scrambled.  The hijackers are demanding a ransom to provide a key to decrypt the files, which may or may not work.
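The post above describes the two things a defender can actually observe after an infection: files whose contents have been rewritten as ciphertext, and the fact that the key never left the attacker's hands. An added example, not from this thread or any poster, showing the first observation as detection logic: encrypted data is statistically indistinguishable from random bytes, so a file that suddenly scores close to 8 bits of entropy per byte, and many such files appearing at once, is a strong indicator that a ransomware encryptor is running. The sample documents, the threshold values and the helper names are all assumptions constructed for the example.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or single-valued input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_encrypted(data: bytes, threshold: float = 7.5, min_len: int = 256) -> bool:
    """Heuristic: ciphertext (and compressed data) sits near 8 bits/byte.

    Office documents, source code and logs typically score 4 to 6. Very short
    files are skipped because their entropy estimate is too noisy to trust.
    The threshold and minimum length are assumed values, not a standard.
    """
    if len(data) < min_len:
        return False
    return shannon_entropy(data) >= threshold


def triage(files: dict[str, bytes]) -> dict[str, bool]:
    """Map each file name to whether its contents look encrypted."""
    return {name: looks_encrypted(blob) for name, blob in files.items()}


def mass_encryption_alert(results: dict[str, bool], min_ratio: float = 0.5) -> bool:
    """Alert when at least min_ratio of the scanned files look encrypted.

    A single high-entropy file is normal (zip, jpeg, a legitimately encrypted
    archive); most of a user's documents flipping at once is not.
    """
    if not results:
        return False
    flagged = sum(1 for hit in results.values() if hit)
    return flagged / len(results) >= min_ratio


# Constructed samples standing in for files on a user's desktop.
PLAINTEXT_DOC = (
    b"Quarterly report. Sales rose 4% over the previous period; "
    b"headcount unchanged. Action items are listed in section 3.\n"
) * 20
# Seeded pseudo-random bytes stand in for a document that has been rewritten
# as ciphertext; real ciphertext has the same flat byte distribution.
SCRAMBLED_DOC = random.Random(7).randbytes(4096)

SAMPLE_FILES = {
    "report.docx": PLAINTEXT_DOC,
    "budget.xlsx": SCRAMBLED_DOC,
    "notes.txt": SCRAMBLED_DOC[:2048],
}


if __name__ == "__main__":
    results = triage(SAMPLE_FILES)
    for name, hit in results.items():
        print(f"{name}: {'ENCRYPTED-LOOKING' if hit else 'plaintext-like'}")
    print("mass encryption alert:", mass_encryption_alert(results))
```

In practice this check runs against the file-modification stream (a filesystem watcher or backup agent's change list) rather than a static dictionary, and the alert is what lets you isolate the host before the encryptor finishes; it does nothing for files already rewritten, which is why the thread's answer for the user's un-backed-up folder does not change.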
7/29/2015 4:20:21 PM EDT
[#4]
Quoted:
Quoted:  Could someone explain to those of us who are ignorant, but interested, just what the fuck is going on here?

Thanks.

One of OP's users didn't back up their files.  Then their PC got hijacked, and all of the files are either encrypted or scrambled.  The hijackers are demanding a ransom to provide a key to decrypt the files, which may or may not work.

How can the hijackers know the key?

Sorry to be so dense.

7/29/2015 4:31:01 PM EDT
[#5]
They are the ones who encrypted the files.
7/29/2015 4:32:27 PM EDT
[#6]
Quoted:
They are the ones who encrypted the files.

I knew I was missing a key piece.

I assumed that they grabbed encrypted files. (no wonder it didn't make sense)

Thank you.

7/29/2015 4:48:18 PM EDT
[#7]
Quoted:
Depends on what iteration of the infection you have. Some of the C&C servers for early variations were seized and the private keys extracted. With newer variants it's not possible at all without the private key.  Either case should be handled by a professional; your user is basically boned.

version 3.0
7/29/2015 5:42:13 PM EDT
[#8]
Quoted:
Quoted:
Depends on what iteration of the infection you have. Some of the C&C servers for early variations were seized and the private keys extracted. With newer variants it's not possible at all without the private key.  Either case should be handled by a professional; your user is basically boned.

version 3.0

You're fucked.  Tell the user that they should have listened to you, and that this is all their fault and you'll be contacting their supervisor.
7/29/2015 8:37:16 PM EDT
[#9]
The guy also told me he kept a word document on his desktop titled "passwords".  Yup. I always thought that was one of those urban legend things.
7/29/2015 9:05:51 PM EDT
[#10]
Quoted:
You're fucked.  Tell the user that they should have listened to you, and that this is all their fault and you'll be contacting their supervisor.

That's really the only reasonable option. That level of stupidity should get you fired every time.
7/30/2015 2:35:49 AM EDT
[#11]
If this ticket is resolved, please fill out the quality survey.

http://questionpro.com/t/ALhoWZStmB