I found The CURE of CryptoWall 3.0 ( NEED EXPERT ASAP )

unfogiven19

Level 1
Thread author
Verified
Mar 30, 2015
27
Hi MalwareTips... maybe we'll change the world together ... because I was able to RECOVER a file which was Crypted by CRYPTOWALL 3.0 ..

How did I do that?

- I used a software called (Fairdell HexCmp2)

I selected two files (one is encrypted and the other was decrypted)

I copied all the volume (the RSA CODE or I don't know what to call it) from the encrypted one to the decrypted one

and I saved it!! After that it worked!!!

I don't know, maybe this idea is useful... I'll try other things with other files...

I'll contact you in this thread soon!! Please see file attached!

it's 2:21 am , I'm going to sleep , See you tomorrow
 

Attachments

  • ASAP.png
    242.5 KB · Views: 1,117

unfogiven19

Level 1
Thread author
Verified
Mar 30, 2015
27
I need some help from experts to write a software... or a tool, or something!!

The trick is easy: find a file that still works and didn't get infected... with the same file infected... and you can compare to find the key
 
  • Like
Reactions: yongsua

LabZero

Maybe this is not the cure.
Without the key it is impossible to decrypt the files.

It is also necessary to verify whether your method works with other Cryptowall variants or other ransomware ;)
 
  • Like
Reactions: done

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
This sounds interesting, be keen to see if it works with your other files. :)
 
  • Like
Reactions: LabZero

Deleted member 21043

What do you want the program to do?
He wants the program to decrypt a Cryptowall encrypted file, meaning breaking the RSA encryption/getting the private RSA key to decrypt the encrypted file.
 

Deleted member 21043

I am doing my best for my dead mother... I need her pictures... It's all that I used to have in this world...

This is my page of the virus, in case someone wants to pay the ransom for me. I just don't have the money, otherwise I'd pay him every penny just for my mommy.

http://7oqnsnzwwnm6zb7y.icepaytor.com/m97wtQ
If I knew how to break the RSA encryption to make a tool to decrypt Cryptowall encrypted documents, I would do it. But I sadly don't. Currently there is no known way to "crack" it.

The tools out there (which by the looks of the thread on the MRA where you were being assisted to clean up the infection) which try to decrypt the documents have a database of known RSA keys which can be used to attempt to decrypt the documents. However, the chances of that working are small as each different Ransomware sample may be different and hence produce a different RSA private key.

If you had been monitoring the network at the time of infection you may have been able to get the key to unlock the files, since they would have been sent to the server.

I suggest you keep hold of the Cryptowall encrypted documents and store them very safely. Maybe in the future it will one day be possible. For now, there is no known way to just crack RSA.

I never recommend paying the ransom as all it does is encourage the malware writers to continue making malware knowing they may make more profit out of it. But you can never trust a malware developer. There is also no guarantee they will actually let you decrypt your files after payment (even if they do have a "trial" like some samples do to let you decrypt one file to test the decryption). For all you know you could end up paying the ransom and get nothing in return.

Cheers. ;)
 
  • Like
Reactions: done

unfogiven19

Level 1
Thread author
Verified
Mar 30, 2015
27
I know... but this time, it's an exception... for me. I don't care about the computer, I care only about my mother's pictures... because I can never see her again
 

Tony Cole

Level 27
Verified
May 11, 2014
1,639
Contact Kaspersky, they could help. I use RSA 2048 to encrypt files; I thought that without the private key you don't stand a chance, that's why these criminal gangs are making so much money.
 
  • Like
Reactions: done

Dani Santos

From Xvirus
Verified
Top Poster
Developer
Well-known
Jun 3, 2014
1,136
Thanks man, the Shadow Explorer works only with drive F://, which was not infected with the stupid virus
Do you have an encrypted and not encrypted file from the infected machine? You can try saket's suggestion
 
  • Like
Reactions: done

unfogiven19

Level 1
Thread author
Verified
Mar 30, 2015
27
i think what he needs is
automation of the process

suppose there is a jpeg file that is encrypted by ransomware

and another jpeg from the same camera
which is not encrypted

hex comparison software can then compare the extra bytes of data
and remove it to get the original file

some ransomware variants
just add 512 bytes of data at header and footer

Do you have an encrypted and not encrypted file from the infected machine? You can try saket's suggestion

YES! I have! Yet I don't know what I should do, I am not a professional at using that software,
I'll PM you with the FILE
 
  • Like
Reactions: done
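The comparison suggested in the quoted post above, written out as an added example that is not part of the original thread or any poster's tool: it checks whether a damaged file is only wrapped in extra header/footer bytes (strippable), partly overwritten, or changed throughout (no key can be read off by comparison). All sample data is constructed, and the XOR keystream is a stand-in for real encryption, not CryptoWall's scheme.

```python
import hashlib

def keystream(seed: bytes, n: int) -> bytes:
    """Deterministic pseudo-random bytes (constructed stand-in data)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def triage(original: bytes, damaged: bytes) -> dict:
    """Compare a known-good copy with the damaged copy of the same file."""
    start = damaged.find(original)
    if start >= 0:
        # Original bytes survive intact: only a header/footer was added.
        return {"verdict": "wrapped", "header": start,
                "footer": len(damaged) - start - len(original)}
    n = min(len(original), len(damaged))
    diffs = [i for i in range(n) if original[i] != damaged[i]]
    if n == 0 or not diffs:
        # Shared prefix is identical: one file is simply shorter.
        return {"verdict": "truncated", "kept": n}
    match = 1 - len(diffs) / n
    if match > 0.5:
        # Most bytes unchanged: only a region was overwritten or encrypted.
        return {"verdict": "partial", "first_diff": diffs[0],
                "last_diff": diffs[-1]}
    # Agreement near 1/256 is chance level: the whole body was transformed,
    # so there is nothing to strip and the key is required.
    return {"verdict": "encrypted", "match": round(match, 4)}

def strip_wrapper(damaged: bytes, header: int, footer: int) -> bytes:
    """Remove a fixed-size header and footer reported by triage()."""
    return damaged[header:len(damaged) - footer]

# Constructed samples: a fake JPEG, a wrapped copy, and a fully changed copy.
ORIGINAL = b"\xff\xd8\xff\xe0" + keystream(b"photo", 4092)
WRAPPED = keystream(b"hdr", 512) + ORIGINAL + keystream(b"ftr", 512)
ENCRYPTED = bytes(a ^ b for a, b in
                  zip(ORIGINAL, keystream(b"key", len(ORIGINAL))))

if __name__ == "__main__":
    print(triage(ORIGINAL, WRAPPED))
    print(triage(ORIGINAL, ENCRYPTED))
```

Only the "wrapped" verdict gives sizes that `strip_wrapper` can reuse on other files damaged the same way.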

unfogiven19

Level 1
Thread author
Verified
Mar 30, 2015
27
I tried this software, but look what I get? Look at the weird extensions of my file
 

Attachments

  • Sans titre11.jpg
    359.7 KB · Views: 848

unfogiven19

Level 1
Thread author
Verified
Mar 30, 2015
27
Unfortunately I don't... they were deleted by the VIRUS!

Somebody check the following screenshot
 

Attachments

  • Sans titre87.png
    199.9 KB · Views: 721
  • Sans titr8999e.png
    251.8 KB · Views: 729

unfogiven19

Level 1
Thread author
Verified
Mar 30, 2015
27
Hi, I recovered this file from C:// called System Volume Information (it is 12 MB)
Can I move it to THE ACTUAL C:// and try my luck?
 
  • Like
Reactions: done
