How To Recover Files from CryptoWall and Preventing it on Network Shares
In this video we explore how to recover from CryptoWall and CryptoLocker, as well as how to prevent it or at least give us a warning. I explain a recent problem at work and some of the best practices, which allow us to contain CryptoWall and get back the file from a prior time period. We explore what needs to be in place to recover from CryptoWall and I show you how Previous Version or Volume Shadow Copy can help. We also examine how to identify malware running with some simple tools like pslist and the wmic process get tools. We also see how to get an email if CryptoWall or CryptoLocker is running on your network by configuring FSRM.
Introduction to the video – 0:20
How CryptoWall infects a system – 0:25
Why did the computer get infected with CryptoWall – 1:27
How CryptoWall works – 1:54
What you need to recover from CryptoWall/CryptoLocker – 2:54
How to identify if a system is infected along with a demonstration – 5:25
How to be alerted in the future if CryptoWall is running on your network – 9:05
How to configure FSRM to alert you via email – 10:25
Demonstration of how FSRM can alert you and prevent CryptoWall – 14:15
What to do when CryptoWall happens – 15:55