Question

Any ideas on how to avoid Cryptowall or other Ransomware?

Oct 4, 2014 2:02AM PDT

Is there anything that can prevent the Cryptowall or variants of any type of Ransomware from attacking your computer?
Is there any way to get your files back without paying the attacker/hacker/criminal d-bags?

Our server at work got hit by cryptowall (they send you a link to arrange payment to retrieve a codekey to un-mangle your files, such as .doc, .xls, .pdf, .jpeg) and atm I don't know if we will retrieve all the corrupted files yet.
Ran Full system virus scans on each individual station, found either nothing or a single tracking cookie on them.
Then ran a SYMHELP (by Symantec) on the stations. I had to leave so do not know the outcome of the rest of the stations, but my own came up with hkey something or other (related to int explorer) that was requiring a removal.
When I got home I ran full system scans (Norton) on both of the family comps. found nothing.

Zeke I.

Answer
"We only lose what we don't backup."
Oct 4, 2014 3:56AM PDT

You'll continue to find folk that must learn this vital sentence or lesson first hand. Many folk won't listen and only learn after losing it all and some lose it all many times before they get it.

OK, what do I use? Common sense, no torrents, and a few add ons to the browsers. Here's my everyday everywhere everymachine add ons: Web Of Trust and Adblock+.
Bob

Respectable answer.
Oct 4, 2014 7:47AM PDT

Thanks, we do back-ups nightly at work, and at home mine backs-up any files added or changed regularly.
I had not heard of Web of Trust, and just checked it out, and downloaded it. Thanks for the heads-up.
Now will check for adblock (I think I have it already).
ZI

WOT (short for Web Of Trust) is a favorite here.
Oct 4, 2014 7:58AM PDT

Ask any moderator. One of the important plates in the armor.

Answer
About CryptoWall ..
Oct 5, 2014 7:25AM PDT

Zeke,

In order to avoid it (or get rid of it) I feel it's important to know a little more about it.

As recently as last month CryptoWall made the news, when Barracuda Research Labs found "Signed CryptoWall Distributed via Widespread Malvertising Campaign". You will come to find the samples Barracuda Labs found were distributed through drive-by downloads launched from well known sites via malicious advertisements.

Additionally, see Dell SecureWorks' analysis of "CryptoWall Ransomware". They state in their Conclusion :

'The following actions may mitigate exposure to or damage from CryptoWall:

• Block executable files and compressed archives containing executable files before they reach a user's inbox.
• Keep operating systems, browsers, and browser plugins, such as Java and Silverlight, fully updated to prevent compromises resulting from exposure to exploit kits.
• Aggressively block known indicators from communicating with your network to temporarily neuter the malware until it can be discovered and removed.
• Reevaluate permissions on shared network drives to prevent unprivileged users from modifying files.
• Regularly back up data with so-called "cold" offline backup media. Backups to locally connected, network-attached, or cloud-based storage are not sufficient because CryptoWall encrypts these files along with those found on the system drive.
'

Lawrence Abrams (Grinler) at BleepingComputer wrote an excellent overview of CryptoWall. It's a wealth of information and should answer any additional questions you may have:

CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ
( Note where he discusses the CryptoPrevent Tool )

I'm in agreement with Bob. Common sense! I'm of the belief the only (reliable) way of recovering the data is from backups. Paying the ransom only further helps continue the fraud. Plus, there are no guarantees IF paid.

In closing ......... Web of Trust (WOT) is a must!

Best of luck..
Carol
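
As an added illustration of the first mitigation quoted above (blocking executables and archives that contain them before they reach an inbox), here is a minimal attachment check. It is not code from the thread or from Dell SecureWorks; the extension list, depth limit and size limit are assumed policy values, and the sample archives are constructed in memory.

```python
import io
import zipfile

# Assumed policy values for this example (not from the quoted analysis).
BLOCKED_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".cpl", ".msi"}
MAX_DEPTH = 3                        # how many archive levels to open
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # refuse to unpack members larger than this


def _ext(name):
    # Use the final path component; Windows ignores trailing dots and spaces.
    base = name.rsplit("/", 1)[-1].lower().rstrip(". ")
    dot = base.rfind(".")
    return base[dot:] if dot != -1 else ""


def scan_attachment(name, data, depth=0):
    """Return a list of reasons to block the attachment; empty means none found."""
    findings = []
    # A blocked extension or the DOS/PE "MZ" magic catches renamed executables too.
    if _ext(name) in BLOCKED_EXT or data[:2] == b"MZ":
        findings.append(f"executable: {name}")
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= MAX_DEPTH:
            return findings + [f"archive nested too deep: {name}"]
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{name}/{info.filename}"
                if info.is_dir():
                    continue
                if info.flag_bits & 0x1:  # encrypted: cannot be inspected
                    findings.append(f"encrypted member: {member}")
                elif info.file_size > MAX_MEMBER_BYTES:
                    findings.append(f"oversized member: {member}")
                else:
                    findings += scan_attachment(member, zf.read(info), depth + 1)
    return findings


def _make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()
```

A gateway would quarantine any message for which `scan_attachment` returns a non-empty list; password-protected and over-nested archives are flagged because their contents cannot be checked.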

Answer
The best defence.
Oct 10, 2014 11:41AM PDT

Zeke,

If you really want to ensure that you can evade the Ransomware, then you have to have an ongoing Back Up strategy. If this means a nightly Back Up to an external hard drive, all the better. Then when you see the screen from the "attacker/hacker/criminal d-bags", you just pull out your Back Up software's Boot Disk. Boot to the recovery program, and restore your last Back Up, before the virus hit.

You can add all the preventative programs you like, but in the end, there is nothing better than a recent Back Up. I hope this helps.

Regards,
Mr. Windows

Answer
More about Cryptowall and manual removal instruction
Oct 10, 2014 7:21PM PDT

Hi, Cryptowall has been spread wildly to lock PCs and deceive money out of victims. It can drop malicious files secretly to the system and encrypt your documents and folders. To get rid of it completely, you need to remove all its bad components in the system. First of all, you need to boot the system in Safe Mode. Then you should end malicious processes and clear dangerous registry entries and other files.
Hope I can help you!

Note: This post was edited by a forum moderator to remove promo link on 10/13/2014 at 9:36 AM PT