Sinuepok

Q: Help, my Mac was infected - Cryptowall

This morning when I turned on my Mac, it was infected with CRYPTOWALL 3.0; all my mail accounts and other personal files were encrypted and I can't access them. How could this happen, APPLE!!!!

And the worst part is that not one pay page is available!!!

APPLE HELP ME!!!

MacBook Air, OS X El Capitan (10.11.2)

Posted on Dec 9, 2015 9:04 AM


  • by pinkstones,Helpful

    pinkstones, Dec 9, 2015 11:05 AM in response to Sinuepok
    Level 5 (4,209 points)

    Apple doesn't read these forums, this is strictly a user-to-user community.  That said, we'll try to help you the best we can.  First things first, Cryptowall is ransomware, and it's insidious.  It's called "ransomware" because it makes the victim pay money to get their files/information returned to them.  It is very important that you don't give these people a dime.  NOT A DIME.  There is no guarantee that upon receiving "payment," you'll get your files back.  Don't make yourself a victim twice over.

    I haven't been able to find anything via Google on removing this particular infection from Macs, just PCs.  The one thing I keep seeing over and over again, however, is that it will be very difficult to undo the encryption on your files.  Did you do regular backups on an external drive with Time Machine before this occurred?  If you did, I would suggest you completely wipe the hard drive, going all the way back to factory settings, then restore your computer to a date before this infection occurred.

  • by Sinuepok,

    Sinuepok, Dec 9, 2015 11:13 AM in response to pinkstones
    Level 1 (0 points)

    Thanks for the answer. And unfortunately I don't have backups, so I'm gonna wipe the HD; anyway, I wanted a fresh start with my Mac.

    Thank you so much for your help, pinkstones...

    But Apple should pay attention to this...

  • by JimmyCMPIT,

    JimmyCMPIT, Dec 9, 2015 11:22 AM in response to Sinuepok
    Level 5 (6,988 points)

    apple.com/feedback

    Let them know, but I don't think CRYPTOWALL 3.0 executes on a Mac.

    You can get it and spread it to a PC, but it's innocuous in OS X as it attacks VSS, which is a Windows service.

    Someone else can chime in if I'm wrong or right. I don't claim to know everything.

    https://malwaretips.com/blogs/remove-cryptowall-3-0-virus/

  • by Linc Davis,

    Linc Davis, Dec 9, 2015 8:43 PM in response to Sinuepok
    Level 10 (207,926 points)

    "Cryptowall" is Windows malware that has never been reported to affect OS X. Why do you think that has happened to you? Do you run Windows on this computer?

  • by Sinuepok,

    Sinuepok, Dec 10, 2015 11:29 AM in response to Linc Davis
    Level 1 (0 points)

    That's what I knew... I use Windows with Parallels Desktop, and this app can access my OS X folders. I think this was the problem.

    Cryptowall is not executing on Mac at all, but all my files were encrypted, and I'm never gonna pay the "rescue".

    Apple Support called me about this and they said "This is not the first time for reports like yours..." We have reports from web sites with malware attacking some Java and Adobe bugs.

    So, I'm gonna wipe my Mac for a new start...

    Be careful with virtualization apps...

    Thanks for your help.

  • by Boyd Porter,

    Boyd Porter, Dec 10, 2015 11:35 AM in response to Sinuepok
    Level 3 (963 points)

    .

  • by Shawody,

    Shawody, Apr 5, 2016 11:23 AM in response to Linc Davis
    Level 1 (4 points)

    Linc, if that is indeed the case, how do you explain that it managed to infiltrate the Library folder on the Mac system, when this was not even shared with VMware?