Skip to main content
The only way I'm having any luck with some of my clients is *if* they have restore points that are pre-infection, and only if shadow copy service is intact.



I've had x6 different computers in my shop this past WEEK, and only 1 could I get 100% all their files back... The others were %$#ed.

This 2.0 version is insane. Restoring the deleted original is useless since it securely deletes them now... sob

Anyone else seeing cryptowall in their area come so rapidly???



-pianomanx

Louisiana
Sorry to hear it's hitting you so hard.  I've alerted the threat research team - go ahead and submit a ticket and we'll get you some help:

https://www.webrootanywhere.com/servicewelcome.asp#
Hello Turbo, welcome to the Community!

 

EDIT: @ do you happen to have the Webinar link handy in which  Cryptoware was discussed and how WSA handle it?

 

We have seen a few posts here over the last week.  I am not sure what Webroot Support's success has been in recovery, but usually they do have a decent success rate with ransomeware.

 

One noteworthy item regarding backups: users of WSA-Complete have that 25 Gb Cloud storage. That is actually considered safe from Cryptoware because the backup itself is also backed up: 10 rollback points.  To the best of my knowledge, even if a system was bricked beyond recovery and required format C, the backed up data in the Cloud survives.
Turbo, 

 

Here is an interesting link for you, and it has the info I was pinging TripleHelix about.  https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/Backup-Is-it-encrypted/m-p/164129#M9298

 

It is a thread about encryption in the Backup&Sync feature of WSA-Complete, but TH also touched on a recent Webinar from Webroot regarding Cryptoware.

 

I hope this helps give you, and your clients, a bit more information!  

 

@ Is there any way to verify what was noted about the up  to 10 snapshots in the Backup space in the Cloud?  ;)
Not sure off the top of my head David, as I haven't played with that feature much.  Support will know for sure.
@ is this the webinar link you were after Evolution of Encrypting Ransomware
@ wrote:

@ is this the webinar link you were after Evolution of Encrypting Ransomware

That is it Jasper 🙂  I should have followed the link chain to get that link.... thank you for getting that!

Reply