What is Cryptowall?
Cryptowall is a very dangerous Trojan virus. It can attack your computer system and encrypt your files. Cryptowall can infiltrate all Windows systems. It will restrict access to your files and demand you pay 500 dollars or euros as a ransom to get back the access to your PC. Cryptowall usually enters your system via spam e-mails or freeware programs. It is very similar to other viruses such as Cryptodefence, Cryptorbit and Cryptolocker. This ransomware is a very serious threat to your PC therefore you should eliminate Cryptowall as soon as possible.
How did Cryptowall enter my PC?
As it has been mentioned above, Cryptowall usually enters your computer via spam e-mail or downloads from unreliable sources. If you do not have a powerful anti-malware tool and you download a spam e-mail attachment or click on a malicious link your PC will get infected. The Virus could also enter the system with the help of fake installers. If you download various software updates somewhere other than the official sites you may be downloading malware instead. You should be very careful when browsing the Web unprotected because the cyber criminals are very good at making sure their malicious programs infiltrate your computer. To avoid that you should download and install a reliable malware prevention tool.
What does Cryptowall do?
Once Cryptowall enters your PC it encrypts .doc, .jpg, .pdf, .ppt and other types of files. The Virus also places Decrypt_Instruction.url, Decrypt_Instruction.txt and other files within a folder of the encrypted files. If you click on the first file you will be presented with a message that looks something like this:
“Your files are encrypted.
To get the key to decrypt files you have to pay 500 USD/EUR. If payment is not made before [date] the cost of decrypting files will increase 2 times and will be 1000 USD/EUR”
As you can see, the message states that your files have been encrypted. That part, unfortunately, is true. However, the message goes on to say that if you pay ransom for your PC you will be able to decrypt your files. Do not follow these instruction and do not pay cyber criminals any money. The instructions you will be provided with if any will be fake and you will not be able to decrypt your files.
How can I decrypt my files?
It is possible to try and decrypt your files if the infection did have too much time to evolve. You can either restore your files from a back up or find an RSA key. The key could be stored on your PC as .crt or .pfx file. You could try locating this file in your system and decrypt your data by using the key that can terminate the encryption. You can also use the instructions provided below if you can not find the key yourself. After you decrypt your files it is important that you install a trustworthy anti-malware program or your files may get encrypted again. If you do install the malware removal tool you will be able to get rid of Cryptowall for good.
Decrypting your files
- Click on Start and go to Control Panel
- Select User Accounts and Family Safety
- Click User Accounts
- Here click on Manage your file encryption certificates
- Click Next
- Check Use this certificate and select the certificate
- Click on Select certificate and then Next
- Click Backup the certificate and key later and click Next again
- Select All logical drives and click Next once more