CryptoWall – Oh, you're fucked

My first dealings with a Crypto variant today: CryptoWall.

Someone that I haven't done any work for for a few years contacted me to ask for some help as they couldn't open their emails. So I remoted on and took a quick look for them.

The first thing that I noticed when the screen loaded was 3 files in the middle of the desktop called DECRYPT_INSTRUCTION. Straight off I knew that this was not going to be a good result.

I had a quick read of what it said and then a quick look at the My Documents folder and then proceeded to tell him, in a non-technical way, that he was fucked. I then explained what had happened and told him that there was nothing that I could do, something that I don't often tell people. I wasn't going to suggest paying $500 to get it all unencrypted only to find that it didn't work.
Ironically, the only thing that wasn't encrypted was all of his Sage Accounts!

He asked how it could have happened and after a quick visual check I told him:
"Well, you are running Windows XP that has out-of-date virus protection, that would not have helped, you have probably opened up a few dodgy emails with attachments and looked at them." He did say that he has been getting a lot of emails with invoices in them! Oh dear.

It's not often that I can't fix something, but in this case I couldn't, so I told him to turn off and unplug the computer and buy 2 new ones to replace what he had as they are well out of date and possibly open to more problems!