
CryptoWall 2.0 is causing havoc

  • November 12, 2014
  • 6 replies
  • 45 views

The only way I'm having any luck with some of my clients is *if* they have restore points that are pre-infection, and only if shadow copy service is intact.

I've had x6 different computers in my shop this past WEEK, and only 1 could I get 100% all their files back... The others were %$#ed.
This 2.0 version is insane. Restoring the deleted original is useless since it securely deletes them now... sob
Anyone else seeing CryptoWall in their area come so rapidly???

-pianomanx
Louisiana

Best answer by Jasper_The_Rasper

@ is this the webinar link you were after? Evolution of Encrypting Ransomware


nic
  • Retired Webrooter
  • November 12, 2014
Sorry to hear it's hitting you so hard.  I've alerted the threat research team - go ahead and submit a ticket and we'll get you some help:
https://www.webrootanywhere.com/servicewelcome.asp#

shorTcircuiT
Gold VIP
  • November 12, 2014
Hello Turbo, welcome to the Community!
 
EDIT: @ do you happen to have the Webinar link handy in which Cryptoware was discussed and how WSA handles it?
 
We have seen a few posts here over the last week. I am not sure what Webroot Support's success has been in recovery, but usually they do have a decent success rate with ransomware.
 
One noteworthy item regarding backups: users of WSA-Complete have that 25 Gb Cloud storage. That is actually considered safe from Cryptoware because the backup itself is also backed up: 10 rollback points.  To the best of my knowledge, even if a system was bricked beyond recovery and required format C, the backed up data in the Cloud survives.

shorTcircuiT
Gold VIP
  • November 12, 2014
Turbo, 
 
Here is an interesting link for you, and it has the info I was pinging TripleHelix about.  https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/Backup-Is-it-encrypted/m-p/164129#M9298
 
It is a thread about encryption in the Backup&Sync feature of WSA-Complete, but TH also touched on a recent Webinar from Webroot regarding Cryptoware.
 
I hope this helps give you, and your clients, a bit more information!  
 
@ Is there any way to verify what was noted about the up to 10 snapshots in the Backup space in the Cloud?  ;)

nic
  • Retired Webrooter
  • November 12, 2014
Not sure off the top of my head David, as I haven't played with that feature much.  Support will know for sure.

Jasper_The_Rasper
Moderator
@ is this the webinar link you were after? Evolution of Encrypting Ransomware

shorTcircuiT
Gold VIP
  • November 12, 2014
@ wrote:
@ is this the webinar link you were after Evolution of Encrypting Ransomware
That is it Jasper 🙂  I should have followed the link chain to get that link.... thank you for getting that!