This repository contains the Python code I created and used to recover a friend's file after they fell victim to Cryptowall. It addresses a particular case where all of my friend's important files were stored in Dropbox. Because Dropbox offers free versioning to all users for a 30-day period and because my friend contacted me within a day of the compromise, I was able to restore most of the files. Note that I do not recommend the use of Dropbox as a primary backup system or protection against any cryptolocker malware. Much consideration should be taken when creating one's backup process, which is out of the scope of this project.
Installation and configuration
- Clone this repository
$ git clone firstname.lastname@example.org:l01cd3v/CryptowallDropboxRecovery.git
- Install the Dropbox SDK
$ pip install -r requirements.txt
- In your browser, connect to your Dropbox account
- Create a new Dropbox Core application(s)
  - Browse to the console API at https://www.dropbox.com/developers/apps
  - Create a new application with the following settings
    - Type of application: "Dropbox Core API"
    - Limited folder: "No My app needs access to files already on Dropbox."
    - Access: "All file types My app needs access to a user's full Dropbox."
    - Name: your application name, e.g. CryptowallDropboxRecoveryFor_YourNameHere_
- Edit the CryptowallDropboxRecovery/utils.py file and replace the following:
  - YOUR_APP_KEY_HERE with the "App key" copied from the application page
  - YOUR_APP_SECRET_HERE with the "App secret" copied from the application page
Recovery of deleted files
In order to restore your deleted files, run the CryptowallRestore.py tool. This tool iterates through all your files and folders and restores the latest, non-deleted version of your files if a corresponding ".aaa" file is found. You will be prompted to browse to the application authorization page and copy-paste the authorization code.
$ python CryptowallRestore.py
Deletion of .aaa files
After confirming that the restoration of your files was successful, run the CryptowallCleanup.py tool. This tool iterates through all your files and folders and deletes all ".aaa" files if a corresponding file exists. You will be prompted to browse to the application authorization page and copy-paste the authorization code.
$ python CryptowallCleanup.py
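The selection rules behind the two tools described above (restore first, then cleanup), as an added example that is not the repository's own code: it plans both steps offline from constructed listing data. The function names, the revision fields `rev`, `modified` and `is_deleted`, and the sample paths are assumptions for illustration.

```python
# Added example: offline planning only; it makes no Dropbox API calls.
ENCRYPTED_SUFFIX = ".aaa"

def original_path(path):
    """Return the pre-encryption path for an '.aaa' entry, else None."""
    if not path.lower().endswith(ENCRYPTED_SUFFIX):
        return None
    orig = path[:-len(ENCRYPTED_SUFFIX)]
    return orig if orig and not orig.endswith("/") else None

def plan_restore(entries, revisions):
    """Map each encrypted file's original path to its latest live revision."""
    # revisions: original path -> list of dicts with the assumed fields
    # 'rev', 'modified' (sortable timestamp) and 'is_deleted'.
    restore, unrecoverable = {}, []
    for path in sorted(entries):
        orig = original_path(path)
        if orig is None:
            continue
        live = [r for r in revisions.get(orig, []) if not r["is_deleted"]]
        if live:
            restore[orig] = max(live, key=lambda r: r["modified"])["rev"]
        else:
            unrecoverable.append(orig)  # no retained version to go back to
    return restore, unrecoverable

def plan_cleanup(entries):
    """List '.aaa' files that are safe to delete: their original exists."""
    present = set(entries)
    return sorted(p for p in present if original_path(p) in present)

# Constructed sample data (not taken from a real account).
SAMPLE_REVISIONS = {
    "/docs/report.docx": [
        {"rev": "a1", "modified": "2015-01-02T10:00:00Z", "is_deleted": False},
        {"rev": "a2", "modified": "2015-01-05T09:00:00Z", "is_deleted": False},
        {"rev": "a3", "modified": "2015-01-20T03:00:00Z", "is_deleted": True},
    ],
    "/photos/cat.jpg": [
        {"rev": "c1", "modified": "2015-01-03T08:00:00Z", "is_deleted": False},
    ],
}
SAMPLE_ENTRIES = ["/docs/report.docx.aaa", "/docs/old.xls.aaa",
                  "/photos/cat.jpg", "/photos/cat.jpg.aaa"]

if __name__ == "__main__":
    print(plan_restore(SAMPLE_ENTRIES, SAMPLE_REVISIONS))
    print(plan_cleanup(SAMPLE_ENTRIES))
```

In the sample, `/docs/old.xls` has no retained revision, so it is reported as unrecoverable and its `.aaa` copy is left out of the cleanup list.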
GPLv2: See LICENSE.