I found The CURE of CryptoWall 3.0 ( NEED EXPERT ASAP )

Joined
May 11, 2014
Messages
1,622
OS
Windows 10
Antivirus
Sophos
#21
I see you are using Kaspersky, how on earth did you manage to get infected with Cryptowall 3.0?
 
Joined
Mar 30, 2015
Messages
27
#23
Hi , man ... I was able to decrypt 1 file who was infected with CRYPTOWALL 3.0 using HexCmp .... how to decrypt the rest of the file .. I need CryptoWall decrypter .... I NEED IT ASAP ... if the Trick work for me , it should work for everybody .



PLEASE I'M WAITING
 
Likes: done

paull

New Member
Joined
May 17, 2015
Messages
1
#25
Hi fellow net users.
I have investigated unforgivens ideea. The ideea is good, but you did the wrong thing. You just copied the info from the good one to the bad one. That's not the way. You must find the first bit of info from where it just goes wrong, and then fix it.
1.I compared 2 samples of the same picture. The first one was encrypted and the second was decrypted.
2. I was looking in the good picture at the binary info and then compared it to the crypted one to find similarities.
3.I had no luck, i think the cryptowall jsut masses up the binary info in the file. It does not put the first 512 bits of info at the end. Of course there is a logic in its MO, but that remains to be discovered.
Regarding the comparison i did, what i was trying to do looked like this:
a)encrypted file: 01 02 AA 17 25 E8 01 FF ......78 ER 58 D8 F7...
b)decrypted file: 78 ER 58 D8 F7.....
c) or much simpler: its like a row of numbers that is massed up:
one is logical (decrypted)1,2,3,4,5,6,7,8,9
one is illogical(crypted) 5,6,7,8,9.....1,2,3,4
BUT AGAIN you will not find something like this in the binary info of 2 files because cryptowall does not take the first 512 bits of info (fist numbers) and put it at the end.
Please post if someone has an ideea.
 
Joined
May 18, 2015
Messages
54
#26
If its cryptowall, its gonna be a little bit harder. But this is a good start point. Suggest you go talk to the fellas over on Bleeping Computer. They have some coding experts over there. they helped a guy with cryptorbit i was trying to help out. Hopefully you can get everything back. I hate ransomware more than i hate Banking trojans honestly. Its the worst example of extortion there is. They should actually charge the developers of Ransom Trojans With Extortion, And The botnet offense too. There is one thing that is good that may be worth considering. Most ransomware that encrypt things won't allow themselves to be run sandboxed or virtualized. Something to think about in the future at least. Like keeping your pictures in a Virtual machine or something. or running a Linux VM to isolate malware from host windows os. You need help setting one of those up i would be happy to assist with setting up a Ubuntu .deb based / or RPM based os, whichever you want. Its the least i can do. I am not a code expert... Unfortunately. But i am good at installing Operating Systems. Have done complete installs of every OS except for gentoo or Arch. BSD and OpenBSD included.
 
Likes: done
Joined
Sep 25, 2015
Messages
4
#31
I got infected and lost all of my files, too. I had been meaning to reformat my computer because it was running poorly and sometimes programs didn't load. I procrastinated and got infected when Symantec didn't load. By the time I discovered this, I lost all my files, not just on the main computer, but 6 Gb of data stored on two attached external harddrives, including all my backups.

I eventually decided to pay the ransom (Please, I don't need a lecture about more secure backups or why one shouldn't pay cyberthieves - the data is worth the ransom to me). The problem I now have is that the supplied file: decryptor.exe does not run on my ssytem. I do have both the public key and the private key the thieves did send me and I have securely backed this up in separate places.

Any idea as to how to get a program that will run, use these keys, and get my data back?

Any and all help would be much appreciated.
 
Likes: done

So Screwed

New Member
Joined
Sep 25, 2015
Messages
4
#33
Why doesn't work on your system? what system you have ? what OS ?
I am running Windows 7 Pro x64.

My system is corrupt. I installed a fresh operating system on a new hard drive and am able to run the file. It simply replies "error" though for all encrypted files.

I have removed my hard drives and am running a new Windows 10 install. My data is gone, but I remain hopeful that some day an answer will be found.
 
Joined
Nov 25, 2015
Messages
2
#36
Hi , man ... I was able to decrypt 1 file who was infected with CRYPTOWALL 3.0 using HexCmp .... how to decrypt the rest of the file .. I need CryptoWall decrypter .... I NEED IT ASAP ... if the Trick work for me , it should work for everybody .



PLEASE I'M WAITING
I have the decrypter, all i need is decrypt key to restore my files... can we help each other?
 
Likes: done

So Screwed

New Member
Joined
Sep 25, 2015
Messages
4
#38
"I have the decrypter, all i need is decrypt key to restore my files... can we help each other?"

There is a public key and a private key. The private key is, as I understand it, computer-specific and mine would thus be of no use to you.
 
Likes: done
Joined
Nov 25, 2015
Messages
2
#39
"I have the decrypter, all i need is decrypt key to restore my files... can we help each other?"

There is a public key and a private key. The private key is, as I understand it, computer-specific and mine would thus be of no use to you.
I got the decrypter from their (virus maker) website. decrypter file info as attached.
when i ran it, it need a key of 64 char. and i don't think that was a private key.
the proses will be like this
hope somebody can tell me if there is a possibility to find the key through encrypted file.
using hexa viewer i found 2 lines of 128 chars sequence that may be we can use to generate the key.
hopefully...
 

Attachments

Last edited by a moderator:
Likes: done

Cch123

Level 7
Verified
Joined
May 6, 2014
Messages
331
#40
Not trying to burst anyone's hopes, but I really have to clear some misconceptions here.

No, it is not possible to recover any files encrypted by cryptowall. You can't extract the decryption key from encrypted files.

Steps to follow after an infection:
1. Check if you really have a cryptowall infection. There are many other copycat malware out there, and some of them are made by script kiddies. For some infections, you can recover your files due to implementation errors by the author.
2. Reinstall your OS and recover your files from backup.
3. Remove the malware, then pray that you were using a non admin account when you got infected. If that is the case, you can user ShadowExplorer to find any shadow copies of you files that remain and restore you files.
4. If nothing works, reinstall your system and write your loss off as an experience. Learn some good security habits and don't get infected again.
 
Likes: Enju

Similar Threads

Similar Threads