Skip to content

l01cd3v/CryptowallDropboxRecovery

Repository files navigation

CryptowallDropboxRecovery

This repository contains the python code I created and used to recover a friend's file after they were victim of Cryptowall. It addresses a particular case where all of my friend's important files were stored in Dropbox. Because Dropbox offers free versioning to all users for a 30-day period and because my friend contacted me within a day of the compromise, I was able to restore most of the files. Note that I do not recommend the use of Dropbox as a primary backup system or protection against any cryptolocker malware. Much consideration should be taken when creating one's backup process, which is out of the scope of this project.

Installation and configuration

  1. Clone this repository
$ git clone git@github.com:l01cd3v/CryptowallDropboxRecovery.git
  1. Install the Dropbox SDK
$ pip install -r requirements.txt
  1. In your browser, connect to your Dropbox account
  2. Create a new Dropbox Core application(s)
  3. Browse to the console API at https://www.dropbox.com/developers/apps
  4. Create a new application with the following settings * Type of application: "Dropbox Core API" * Limited folder: "No My app needs access to files already on Dropbox." * Access: "All file types My app needs access to a user's full Dropbox." * Name: your application name, e.g. CryptowallDropboxRecoveryFor_YourNameHere_
  5. Edit the CryptowallDropboxRecovery/utils.py file and replace the following:
  6. YOUR_APP_KEY_HERE with the "App key" copied from the application page
  7. YOUR_APP_SECRET_HERE with the "App secret" copied from the application page

Recovery of deleted files

In order to restore your deleted files, run the CryptowallRestore.py tool. This tool iterates through all your files and folders and restores the latest, non-deleted version of your files if a corresponding ".aaa" file is found. You will be prompted to browse to the application authorization page and copy-paste the authorization code.

$ python CryptowallRestore.py

Deletion of .aaa files

After confirming that the restoration of your files was successful, run the CryptowallCleanup.py tool. This tool iterates through all your files and folders and deletes all ".aaa" files if a corresponding file exists. You will be prompted to browse to the application authorization page and copy-paste the authorization code.

$ python CryptowallCleanup.py

Author

l01cd3v

License

GPLv2: See LICENSE.

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages