Recently a client had a ransom message appear on their computer right while they were completing a task for a client of their own. It was a spine-tingling moment. What do you do? You’re trying to serve your own customer and suddenly your computer makes you freeze – your next move could delete everything on it.

Yes, that is a reality. Although an unlikely one, it is still possible, and as CryptoWall 3.0 (in this case) evolves to the next generation, expect the demands and the damage to data to rise.

What happened next was nothing short of a miracle. If I hadn’t seen it myself….actually I’m still struggling to believe it.

First point: there was no anti-virus/malware software in place, which is one reason why this client is now a client. Webroot was installed (chosen for its all-round performance and uber-light nature, because this was an already slow computer that didn’t need anything else dragging it down).

Stepping back a bit; if this happens to you, disconnect your computer from any Internet connection. Pull the data cable or brute-force turn off the WiFi connection (or both). Now breathe – and get your security expert involved.

Ascertain where your last and latest data backup is located. If it is plugged in to the computer – get it out super quick.

Once there was an antivirus (AV) software package installed it set to doing a scan and found quite a few malware hangovers to deal with on the way through. This is where things start to get dirty. In this instance of a Windows PC there was only so much the AV software could do to a live operating system. The next step involved booting to safe mode and manually deleting the myriad of files it had blasted throughout the computer’s file structure that could be tripped on.

First thing I’ve discovered is it is very nasty and powerful, and it can be very subtle and kind – ransom before destruction. Never roll the dice on this!
The time spent rooting it out along with all its relatives far outweighed the risk of not taking preventative action. This client survived a brush with death – nothing of significance was lost and I got it removed without any residual hangover.

As to how I achieved this? It wasn’t magic or rocket science but a collaborative effort by so many people who had previously paved the way and left YouTube tutorials along with blog postings on what they did.

What I learned about this one is every situation is unique – plus it involved delving in to the computer’s registry – the heart, where one tiny slip will irreversibly destroy its operation.

Thank you to those who shared their steps – by using a combination of some/all it worked out in this case for this client.

One statement I would make is never ever ever download a malware removal tool without being absolutely sure it is from a trusted author and you can verify reviews that it does what it says. In the heat of the moment it is so easy to add fuel to the fire by stacking another malware tool to mess with your data rather than assist.

These sources provided snippets and insight that worked in this instance:

https://www.youtube.com/watch?v=gPelrlpQIJg
https://www.pcrisk.com/removal-guides/7844-cryptowall-virus
http://deletemalware.blogspot.co.nz/2015/01/how-to-remove-cryptowall-30-virus-and.html

Rooting out viruses isn’t something I claim to enjoy – it was a necessary evil to keep the client moving without them losing the very core of what they’d built up. It was far easier to chip away behind the scenes and resolve this while building a fortress of defence and backup routines.

Can the CryptoWall 3.0 encrypted files be reinstated? The reading I’ve done has me believe that yes, it is possible, if you follow their instructions. However, given the level of data backup you should be having I’d much rather turn my back on the situation, suck up the loss, not negotiate with them and just move on – move away from their clutches.
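As an added example (this is not code from the original post, nor any tool the post links to), the following PowerShell script strings together the first-response steps described above for a Windows PC: cut the network, find the USB backup drive so it can be pulled, export the autorun registry keys before any manual registry editing, and record what the malware recently wrote. It assumes an elevated PowerShell 5 prompt on Windows 8.1 or later; the function names and the C:\IR-Triage output folder are this example’s own choices.

```powershell
# Added example, not from the post: first-response triage for a Windows PC hit by
# CryptoWall-style ransomware. Assumes an elevated PowerShell 5 prompt on
# Windows 8.1+. Function names and the triage folder are this example's choices.

$TriageDir = Join-Path $env:SystemDrive 'IR-Triage'   # constructed location for evidence and backups
New-Item -ItemType Directory -Path $TriageDir -Force | Out-Null

# Step 1: isolate the host. Disables every adapter that is currently up (wired and
# Wi-Fi alike) so the malware can no longer reach its servers or mapped shares.
function Invoke-HostIsolation {
    $up = Get-NetAdapter | Where-Object Status -eq 'Up'
    $up | Disable-NetAdapter -Confirm:$false
    # Return what was disabled so it can be re-enabled deliberately after cleanup.
    $up | Select-Object Name, InterfaceDescription
}

# Step 2: list attached USB disks (where the backup drive usually lives) so they
# can be ejected before the encryptor walks their contents.
function Get-AttachedUsbDisks {
    Get-Disk | Where-Object BusType -eq 'USB' |
        Select-Object Number, FriendlyName, @{n='SizeGB'; e={[math]::Round($_.Size / 1GB, 1)}}
}

# Step 3: snapshot the autorun keys BEFORE touching them. The post's warning about
# "one tiny slip" in the registry is why each key is exported to a .reg file first;
# double-clicking that file restores the original values if a manual edit goes wrong.
function Backup-AutorunKeys {
    $keys = @(
        'HKCU\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $keys) {
        $file = Join-Path $TriageDir (($k -replace '[\\:]', '_') + '.reg')
        reg.exe export $k $file /y | Out-Null
        "Exported $k -> $file"
    }
}

# Step 4: list the autorun values so anything launching from a user-writable folder
# can be reviewed (not deleted) ahead of the safe-mode cleanup.
function Get-AutorunEntries {
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($sub in 'Run', 'RunOnce') {
            $path = "$hive\Software\Microsoft\Windows\CurrentVersion\$sub"
            if (Test-Path $path) {
                Get-ItemProperty -Path $path |
                    Select-Object -Property * -ExcludeProperty PS* |
                    ForEach-Object {
                        $_.PSObject.Properties | ForEach-Object {
                            [pscustomobject]@{ Key = $path; Name = $_.Name; Command = $_.Value }
                        }
                    }
            }
        }
    }
}

# Step 5: files written in the last few hours under the user profile show which
# folders the encryptor (and its ransom notes) touched, which guides the cleanup.
function Get-RecentlyWrittenFiles([int]$Hours = 3) {
    $since = (Get-Date).AddHours(-$Hours)
    Get-ChildItem -Path $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object LastWriteTime -gt $since |
        Sort-Object LastWriteTime -Descending |
        Select-Object LastWriteTime, FullName
}

# Run the steps in order and keep a copy of each result in the triage folder.
Invoke-HostIsolation     | Tee-Object -FilePath (Join-Path $TriageDir 'adapters.txt')
Get-AttachedUsbDisks     | Tee-Object -FilePath (Join-Path $TriageDir 'usb-disks.txt')
Backup-AutorunKeys
Get-AutorunEntries       | Tee-Object -FilePath (Join-Path $TriageDir 'autoruns.txt')
Get-RecentlyWrittenFiles | Tee-Object -FilePath (Join-Path $TriageDir 'recent-files.txt')
```

The script deliberately changes only one thing on the machine (the network adapters) and otherwise just records and backs up: the deletions the post describes belong in safe mode, after the AV scan and with the exported .reg files on hand, so that a mistaken registry removal can be undone.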
Was this of value to you? If so and you feel the desire: Buy Me A Coffee