AR15.COM
11/10/2014 8:26:23 PM EDT
Has anyone been able to recover data after acquiring this "infection"?

Customer w/ no backup would like their files back.
11/10/2014 9:04:05 PM EDT
[#1]
The new one is extra nasty, it securely deletes the original files after encrypting them. There's really not a whole lot you can do once you're infected.

You should have cold storage backups of any critical data.
11/11/2014 9:13:36 AM EDT
[#2]
Your client will have to pay to get their files back.
11/11/2014 9:55:35 PM EDT
[#3]
Dealing with it too. Lost a bunch of pictures. Thought I had it killed off but I do not know what I am doing at this point. Going to call a local shop in the am.
11/11/2014 11:11:20 PM EDT
[#5]
You can try this: https://www.decryptcryptolocker.com/ to see if it's still an old variant of cryptolocker.

But if it's CryptoWall 2.0 you're pretty much SOL right now unless you pay extortion.
11/12/2014 1:51:09 AM EDT
[#6]
Is it able to kill off drive snapshots? Is it getting files on network drives?
11/12/2014 4:06:45 PM EDT
[#8]
Used free version of Recuva to decrypt some of my pictures. Still think the virus is on the machine because every scan is finding something. When I move the photos I may go get another drive. Would love to curb stomp the MOTHER of the fucks that start this shit.
11/12/2014 7:42:34 PM EDT
[#9]
I booted off a bootable OS. Copied the files over to an external HD. Reinstalled Windows 7. Scanned it with AV. It found and detected the malware. I can't remember what it called it. Removed it. But their data was still encrypted. All kinds of malware tools, nothing could repair this.

They learned their lesson. Backups.

Anyone reading, hopefully you will pass this on to family and customers who actually do have data they need.
11/12/2014 9:34:07 PM EDT
[#10]
If people would just heed the wise words of Leisure Suit Larry - "Save early, save often".
11/12/2014 11:52:09 PM EDT
[#11]

Quoted:
If people would just heed the wise words of Leisure Suit Larry - "Save early, save often".

And quit clicking attachments in emails, this is how this one is spread. Thank god it's easy to get rid of, getting back the encrypted files not so much however. A full scan with Malwarebytes will kill the virus. Best to do by pulling the drive and scanning with a different machine however, as the longer your computer is running, the more files are encrypted. Also check your shares, it will encrypt shares across the network as well.
11/13/2014 9:10:29 PM EDT
[#12]
The credit card charge comes from homepcshield.com fyi

Is there a way to take this site down?
11/14/2014 2:29:10 AM EDT
[#13]
Quoted:
The credit card charge comes from homepcshield.com fyi
Is there a way to take this site down?

Better yet, where is the FBI or Dept of Homeland Security??
11/14/2014 9:11:15 AM EDT
[#14]
The servers are usually overseas, no jurisdiction.