CryptoWall: Identification and Removal of the Virus

Ransomware viruses such as CryptoLocker and CryptoWall work by silently encrypting your important files. The virus then tells the infected user to pay the criminals in order to retrieve the encryption key. By using payment methods such as Bitcoin, which is a virtually untrackable electronic currency, criminals are able to extort money from users without creating an easy trail for officials to follow.

Do I have CryptoWall?

There are a few viruses created to mimic the behavior of ransomware viruses, so confirm that you have the true CryptoWall virus before you act. This screenshot, along with others, can help you identify whether the PC in question is indeed infected with one of these relentless forms of ransomware.

The best form of protection is prevention. If you have a robust antivirus solution installed, you should be able to identify these viruses before they do much harm. Without adequate protection, it will be too late by the time the virus presents itself to the user. When the virus is presented to the user, many of their valuable images and files have already been encrypted.

Most Importantly, Perform Regular Daily Backups

If you have a good backup system in place, then you have multiple versions of files reaching back to the time before the virus was contracted. This is essential to avoid having to pay for a decryption key. If you have such a backup solution, then take a breath – there is hope of getting your files back, although you may lose a few days of newer data and images that were encrypted before a backup was able to take place.

Step 1: Turn off Your PC Until you are Ready to Disinfect

Get your plan in place before turning on that PC – CryptoWall will constantly be encrypting new files as you wait. Read this and other methods of removal from another, non-infected PC. It’s also a good idea to unplug your PC from the network, since these forms of ransomware can reach into network folders and encrypt files on your server. In this situation, getting back to business can be a much longer process.

Step 2: Remove the Virus

With a combination of the newest versions of Hitman Pro and Malwarebytes, you can remove most of the traces of the CryptoWall virus. Boot into Safe Mode and run these virus removal tools. However, some traces of the virus will remain in your system. You will have to seek these out manually for removal by following a guide, or hire a tech company to do the dirty work.

Step 3: Find out Which Files Are Encrypted

From the masters at Bleepingcomputer.com, you can find this tool which will identify which files have been encrypted by CryptoWall. Print out this list so you know where to focus your efforts. Once you have the list, you can use your backups to restore individual files. This is no quick task, but you do now have a roadmap of what exactly has been encrypted by CryptoWall.
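As an added illustration (not part of the original article or of the Bleepingcomputer tool), the Python sketch below turns a list of encrypted files into a restore plan by picking, for each file, the newest backup copy taken before the encryption started. It assumes backups are kept as dated snapshot folders (backup_root/YYYY-MM-DD/<drive letter>/<path>), that the encrypted paths are local drive-letter paths, and that you know the date the first file was encrypted; the function names and sample paths are hypothetical.

```python
import tempfile
from datetime import date
from pathlib import Path, PureWindowsPath

def snapshot_key(original):
    """'C:\\Users\\amy\\x.jpg' -> C/Users/amy/x.jpg (path inside a snapshot)."""
    p = PureWindowsPath(original)
    return Path(p.drive.rstrip(":"), *p.parts[1:])

def build_restore_plan(encrypted, backup_root, first_encrypted_on):
    """Return ({original: clean backup copy}, [originals with no clean copy])."""
    # Assumed layout: backup_root/YYYY-MM-DD/<drive letter>/<rest of path>.
    snapshots = []
    for d in Path(backup_root).iterdir():
        try:
            taken = date.fromisoformat(d.name)
        except ValueError:
            continue  # not a dated snapshot folder
        # Snapshots taken on or after the first encryption may already hold
        # encrypted copies, so only earlier ones are trusted.
        if d.is_dir() and taken < first_encrypted_on:
            snapshots.append((taken, d))
    snapshots.sort(reverse=True)  # newest clean snapshot first
    plan, missing = {}, []
    for original in encrypted:
        key = snapshot_key(original)
        hit = next((d / key for _, d in snapshots if (d / key).is_file()), None)
        if hit is None:
            missing.append(original)
        else:
            plan[original] = hit
    return plan, missing

def demo():
    """Constructed sample: three snapshots, encryption first seen 2015-03-10."""
    root = Path(tempfile.mkdtemp())
    for day, name in [("2015-03-01", "xray1.jpg"), ("2015-03-08", "xray1.jpg"),
                      ("2015-03-08", "notes.doc"), ("2015-03-11", "new.jpg")]:
        f = root / day / "C" / "Data" / name
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_text("backup copy")
    encrypted = [r"C:\Data\xray1.jpg", r"C:\Data\notes.doc", r"C:\Data\new.jpg"]
    plan, missing = build_restore_plan(encrypted, root, date(2015, 3, 10))
    return {k: v.relative_to(root).as_posix() for k, v in plan.items()}, missing

if __name__ == "__main__":
    print(demo())
```

Files that land in the "missing" list were created or last backed up only after encryption began, which is the few days of newer data you may not get back.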

Are you Ready to get your Hands Dirty?

The best do-it-yourself guide to removing this software and restoring your data is found here: Bleepingcomputer.com. If, however, a do-it-yourself method is not your game, then you can contact our tech support experts and have them perform the removal. As long as there are backups of your most vital files, you will not have to consider paying the ransom.

If you have a dental practice, all the better. Our dental IT support specialists have successfully removed this and other similar viruses, and can streamline support to restore your vital images and data.
