Sunday, August 2, 2015

Cryptowall 3.0 Attacks! (with solutions)

Ugh! DVFilm was hit by the "Cryptowall 3.0" ransomware last night. Only one of our workstations was affected. The malicious software encrypts Word documents and JPEGs (among other file types) with unbreakable encryption and then demands a ransom in bitcoin for the key to unlock them.

It took us 2 hours of research to find a program to help recover the files. In this case the affected computer was running Windows Vista, so after stopping the virus (which we did manually by running MSConfig in Safe Mode and deleting the suspicious files in the Startup folder) we had to download Shadow Explorer and run it to recover the Word documents and other files from the older versions Windows had saved.
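The two steps above (find what the malware left in the autorun locations, then pull clean copies of files out of the Volume Shadow Copy snapshots that Shadow Explorer reads) can be done from a PowerShell prompt as well. The script below is an added example written for this page, not code from the original post or from Shadow Explorer. It assumes Windows PowerShell 2.0 or later on Vista/7/8.1, an elevated (Administrator) prompt, and that the file to recover lives on the volume the chosen snapshot covers; `$RestorePath` is a placeholder you fill in, and `Get-AutorunEntries`, `Get-ShadowSnapshots` and `Restore-FromSnapshot` are names made up for this example. It only lists the autorun entries for you to review; it does not delete anything, and the recovered file is written next to the original with a `.recovered` suffix so the encrypted copy is never overwritten.

```powershell
# Added example (not from the original post): list autorun locations and
# Volume Shadow Copy snapshots, then copy one file back from a chosen snapshot.
# Assumes Windows PowerShell 2.0+ on Vista/7/8.1, run as Administrator.
param(
    [string]$RestorePath = "",   # placeholder, e.g. C:\Users\you\Documents\report.docx
    [int]$SnapshotIndex = 0      # which snapshot from the listing to restore from
)

function Get-AutorunEntries {
    # Startup folders (per-user and all-users) plus the Run / RunOnce keys.
    # This is what MSConfig's Startup tab shows; review, do not auto-delete.
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($f in $folders) {
        if (Test-Path $f) {
            Get-ChildItem -Path $f -Force | ForEach-Object {
                New-Object PSObject -Property @{
                    Location = $f; Name = $_.Name; Target = $_.FullName; Modified = $_.LastWriteTime
                }
            }
        }
    }
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Get-ItemProperty adds these bookkeeping properties; skip them.
    $meta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    foreach ($k in $keys) {
        if (Test-Path $k) {
            $props = Get-ItemProperty -Path $k
            foreach ($p in $props.PSObject.Properties) {
                if ($meta -notcontains $p.Name) {
                    New-Object PSObject -Property @{
                        Location = $k; Name = $p.Name; Target = $p.Value; Modified = $null
                    }
                }
            }
        }
    }
}

function Get-ShadowSnapshots {
    # The same snapshots Shadow Explorer browses. DeviceObject is the path
    # through which a snapshot's files can be reached.
    Get-WmiObject -Class Win32_ShadowCopy | ForEach-Object {
        New-Object PSObject -Property @{
            Index   = $null
            Created = $_.ConvertToDateTime($_.InstallDate)
            Volume  = $_.VolumeName
            Device  = $_.DeviceObject
        }
    } | Sort-Object Created
}

function Restore-FromSnapshot([string]$Device, [string]$Path) {
    # Expose the snapshot as a directory through a symbolic link (the trailing
    # backslash on the device path is required), copy the file, remove the link.
    $link = Join-Path $env:TEMP ("shadow_" + [guid]::NewGuid().ToString('N'))
    cmd /c mklink /d "$link" "$Device\" | Out-Null
    try {
        $rel = $Path.Substring(3)                 # drop the "C:\" drive prefix
        $src = Join-Path $link $rel
        if (-not (Test-Path -LiteralPath $src)) { throw "Not present in this snapshot: $Path" }
        $dest = $Path + ".recovered"              # never overwrite the encrypted original
        Copy-Item -LiteralPath $src -Destination $dest
        Write-Output "Recovered copy written to $dest"
    } finally {
        cmd /c rmdir "$link" | Out-Null
    }
}

"== Autorun entries (review; remove only what you have identified as the malware) =="
Get-AutorunEntries | Format-Table Location, Name, Target, Modified -AutoSize

"== Volume Shadow Copy snapshots (oldest first) =="
$snaps = @(Get-ShadowSnapshots)
for ($i = 0; $i -lt $snaps.Count; $i++) { $snaps[$i].Index = $i }
$snaps | Format-Table Index, Created, Volume, Device -AutoSize

if ($RestorePath -ne "") {
    if ($snaps.Count -eq 0) {
        throw "No snapshots found (some ransomware deletes them, so this recovery path is not guaranteed)."
    }
    if ($SnapshotIndex -lt 0 -or $SnapshotIndex -ge $snaps.Count) { throw "Bad snapshot index." }
    Restore-FromSnapshot -Device $snaps[$SnapshotIndex].Device -Path $RestorePath
}
```

Run it once with no arguments to see the autorun entries and the snapshot list, pick a snapshot dated before the infection, then run it again with `-RestorePath` and `-SnapshotIndex` for each file you want back. Snapshots are only useful if System Protection was on and the malware did not remove them, so check the listing is non-empty before relying on this.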

I've read that Cryptowall can also be stopped with the latest antivirus programs and the Microsoft Malicious Software Removal Tool here:

https://www.microsoft.com/security/pc-security/malware-removal.aspx

Windows 7 can be protected if you have an up-to-date version of Microsoft Security Essentials, or on Windows 8.1, Windows Defender. We had Windows Defender running on Vista, but it was useless for this particular attack.

Other helpful links:

Windows 7: http://windows.microsoft.com/en-us/windows/security-essentials-download

Shadow Explorer (works with Vista only): http://www.shadowexplorer.com/downloads.html

More info: https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32/Crowti