My Computer Has Been Hacked/Phished - What Do I Do Now?

11-30-2015 , 09:11 AM
I wanted to say thanks for all of the helpful replies and the links and information that has been shared! Also, I'm sorry for not replying more frequently, but I am feeling pretty overwhelmed with what to do about this, and I have read so many posts on so many different forums/sites, that I don't even know what to do to try to get things started. Over the past few days, though, I have been moving files from my computer's hard drive and I have moved about 400GB-500GB so far.

Honestly, my main concern is/has been trying to save and decrypt the files on my hard drive that were encrypted, so that is what I've been trying to learn about and find out if doing so is realistically possible at this time. And I most definitely do intend to remove the malware/ransomware/spyware/virus, and/or reformat my hard drive, after I have moved all of my pictures and files over to my external hard drive; but I am currently focusing on trying to save and/or decrypt the pictures and files that were encrypted.

On that note, I am curious about a few things.

1.) As someone alluded to somewhere, am I possibly/likely going to complicate (or, possibly, prevent from actually being possible) the process of decrypting the files by moving them to another hard drive? Or, if/when I get a decryption key, will I just need to run whatever decryption program is/becomes available and use the appropriate decryption key on the hard drive with the encrypted files and then let it go through the decryption process on whatever hard drive the encrypted files are stored on at the time? Or, will the files possibly need to be in the exact same location on the hard drive that they were in when they were originally encrypted?

2.) Will doing a clean install of Windows and reformatting the hard drive assuredly get rid of any and all malware/ransomware/spyware/viruses that had been on it?

3.) Is the hard drive the only thing that can get infected by this stuff? Or does it possibly also infect/get installed on the RAM or any other part of the internals of a computer? Basically, if I either reformat my hard drive or get a new/different hard drive, will that make sure that I am able to again use my computer safely/without any problems from the stuff that is currently on it from the ransomware/virus?

As always, sincere thanks to those of you who are trying to help me with this extremely frustrating issue!

Oh yeah, I actually moved a folder from my PC's hard drive that had dozens of folders in it of photos that I have personally taken with my digital cameras and cell phones over the past 3-4 years; it was over 250GB in size and consisted of over 200,000 photos, and every single one of them was encrypted and had .ccc appended to the end of the filename. It was seriously disheartening to think about; but I am genuinely hoping that I will someday be able to decrypt these files and again be able to view these pictures!

Btw, the process of moving this folder with the 250GB and 200,000-plus photos took over 48 hours to complete!
11-30-2015 , 12:01 PM
Quote:
Originally Posted by AzAssassin
1.) As someone alluded to somewhere, am I possibly/likely going to complicate (or, possibly, prevent from actually being possible) the process of decrypting the files by moving them to another hard drive? Or, if/when I get a decryption key, will I just need to run whatever decryption program is/becomes available and use the appropriate decryption key on the hard drive with the encrypted files and then let it go through the decryption process on whatever hard drive the encrypted files are stored on at the time? Or, will the files possibly need to be in the exact same location on the hard drive that they were in when they were originally encrypted?
The location of the files shouldn't matter. From what I have seen with other people who have been infected, it is access to the infected computer that is needed to decrypt the files (NB: this is when paying the ransom and using their decryption key, as opposed to a third-party tool). One company that I know of immediately wiped the computer that was infected and so lost any chance of being able to recover anything.

Quote:
2.) Will doing a clean install of Windows and reformatting the hard drive assuredly get rid of any and all malware/ransomware/spyware/viruses that had been on it?
Yes. Definitely.

Quote:
3.) Is the hard drive the only thing that can get infected by this stuff? Or does it possibly also infect/get installed on the RAM or any other part of the internals of a computer? Basically, if I either reformat my hard drive or get a new/different hard drive, will that make sure that I am able to again use my computer safely/without any problems from the stuff that is currently on it from the ransomware/virus?
The hard drive is the only place that a virus can 'live'. RAM is wiped each time you reboot your computer, so a virus that only lived in RAM would be rendered useless by rebooting.

There has been talk of the possibility of a virus that could live elsewhere, e.g. in the firmware of devices, but as far as I know it has only ever been speculation on the possibilities.
11-30-2015 , 09:23 PM
A clean install, properly done, will clear things up for you on the machine that got infected. And let's assume that you're not going to reinfect the clean OS when you move data back onto the drive. But even then, running XP is still never going to be secure. I just can't recommend it.

At this point, given that you're migrating all your data off the machine (fingers crossed that you can get it decrypted) then I would think that most people in your position would just buy a new machine. You must be able to get a Win 7 machine with a far higher spec than yours (which must be many years old, even if you only got it a few years ago) for a relatively small sum.
12-01-2015 , 01:43 AM
How many days do you have left? 2? Try decrypting before formatting (I suggest DBAN before formatting if it comes to that).

https://noransom.kaspersky.com/ (Kaspersky ransomware decryptor for BitCryptor and CoinVault ransomware)

http://blogs.cisco.com/security/talos/teslacrypt (Cisco's tool for CryptoLocker, CryptoWall and TeslaCrypt)

Looking at your screenshot that mentions RSA-2048, you may have TeslaCrypt (see second link: "Although it claims to be using asymmetric RSA-2048 to encrypt files, it is making use of symmetric AES instead.").

I have no experience in decrypting ransomware, but you might have the time (doubly so because you're not going to pay the ransom anyway). Also, it will probably take an entire day to decrypt a 1TB HDD that's 3+ years old. Also, you need to disconnect that computer and its drive from the internet immediately.

Last edited by donfairplay; 12-01-2015 at 01:49 AM.
12-02-2015 , 09:51 AM
OK, I actually went to one of the http links from the instructions that are now displayed on my computer's desktop background and got to a page where it mentions that the ransom has been doubled to 1000USD and is offering me the option to buy Bitcoins and send the payment to some Bitcoin wallet. It is also offering me the opportunity to decrypt 1 file for free right now, to show that the decryption key is legitimate and will work to decrypt the encrypted files, if I make the ransom payment and pay for the key. Is there possibly any way to use this opportunity to decrypt the 1 file for free and then obtain any sort of beneficial information about the decryption key or process? If so, should I use the 1 free decryption now, or should I wait to try it later on? Or, is it possible/likely, if I don't use this opportunity to decrypt the 1 file for free, that I will lose this opportunity to decrypt 1 file for free?

Here is the message being displayed on the webpage right now:

- Your files are encrypted.
- You did not pay in time for decryption, that's why the decryption price increases 2 times. At the moment, the cost of decrypting your files is 1000 USD.
- In case of failure to 09/12/15 your key will be deleted permanently and it will be impossible to decrypt your files.

- First connect IP:

- We give you the opportunity to decipher 1 file free of charge! You can make sure that the service really works and after payment for the CryptoWall program you can actually decrypt the files.

- Please select a file to decrypt and load it to the server

- Note: file should not be more than 512 kilobytes

If anyone is in this thread and reading this, will someone more knowledgeable than me try to respond promptly with a reasonable and helpful response about what I should do while on this page with the opportunity to decrypt the 1 file for free?? If so, it would be very much appreciated!!
12-02-2015 , 10:12 AM
So the messages quoted in your latest post suggest this is a variant of CryptoWall, although the picture you posted above was missing the reference that I think would ordinarily appear on the first line (after RSA 2048). So this may be CryptoWall (most recent version, particularly nasty, is 4.0) or it may be something ripped off from or pretending to be CryptoWall.

You could try reading this for more information - try to work out if what you're seeing matches any of these variants of the ransomware. Knowing exactly what you're dealing with would be an advantage. Note that although that link includes a removal guide it's about removing the virus not decrypting the files. Note too that I have no idea how legitimate or accurate it is; Google is your friend here.

Having said all that, it strikes me that you almost certainly face a stark decision: you either risk $1000 in the next few days in the hope that it will secure for you a working decryption key; or you move on.

I think the recommended approach is generally not to pay: there are no guarantees and even if you do get a result you're only encouraging this malicious business model to propagate.

Having said that, if you absolutely have to get these files back, and assuming you can't quickly identify the ransomware as something where the encryption has been cracked, then your best shot probably would be to pay. Decrypting a test file may reassure you about the key being available, but who's to say that it won't result in worse consequences for you?

The only other option I can think of is that if you hang on to your copies of the encrypted files, you might in future be fortunate enough that a decryption key is published.

In short, you need to decide what to do here and embrace your decision (with all the risks and benefits it offers). Procrastinating is not helping you.
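The posts above turn on three practical questions: which of the copied files are actually encrypted, whether copying them to another drive changes anything a later decryptor would need, and which file to hand over for the one free test decryption (the note caps it at 512 kilobytes). The script below is an added example, not code from this thread or from any of the linked decryptor tools. It triages a folder copied off the machine using only the Python standard library. The .ccc suffix and the 512 KB limit come from the thread; the entropy threshold, the JPEG header check and the sample files it builds are my own assumptions and constructed data, not the poster's files.

```python
"""
Added example: offline triage of a folder copied off a ransomware-hit machine.
Pure standard library; every constant below that is not quoted from the thread
is an assumption and is labelled as such.
"""
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

# Quoted from the thread: ".ccc" was appended to every encrypted photo.
SUSPECT_EXTENSIONS = {".ccc"}
# Quoted from the ransom note in the thread: free test decryption is capped at 512 kilobytes.
FREE_DECRYPT_MAX_BYTES = 512 * 1024
# Assumption: an intact JPEG starts with the SOI marker; ciphertext will not.
JPEG_MAGIC = b"\xff\xd8\xff"
# Assumption: bytes scoring above this are treated as ciphertext (max possible is 8.0).
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~0 for constant data, ~4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def sha256_file(path: Path) -> str:
    """Content hash of a file; it depends on the bytes only, never on where the file sits."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def copy_preserves_content(src: Path, dst_dir: Path) -> bool:
    """Copy a file to another directory and confirm the bytes are identical (location does not matter)."""
    dst_dir.mkdir(parents=True, exist_ok=True)
    dst = Path(shutil.copy2(src, dst_dir / src.name))
    return sha256_file(src) == sha256_file(dst)


def classify_file(path: Path, sample_size: int = 4096) -> dict:
    """Per-file verdict from the extension, the leading bytes and their entropy."""
    size = path.stat().st_size
    with path.open("rb") as fh:
        head = fh.read(sample_size)
    entropy = shannon_entropy(head)
    intact_jpeg = head.startswith(JPEG_MAGIC)
    return {
        "path": str(path),
        "size": size,
        "suspect_extension": path.suffix.lower() in SUSPECT_EXTENSIONS,
        "jpeg_header_intact": intact_jpeg,
        "entropy": round(entropy, 2),
        # Compressed media also scores high, so an intact JPEG header overrides the entropy signal.
        "looks_encrypted": entropy > ENTROPY_THRESHOLD and not intact_jpeg,
        "free_decrypt_candidate": 0 < size <= FREE_DECRYPT_MAX_BYTES,
    }


def triage(root: Path) -> dict:
    """Walk a copied folder, summarise extensions, and list small encrypted files for the free test decrypt."""
    records = [classify_file(p) for p in sorted(root.rglob("*")) if p.is_file()]
    by_extension = Counter(Path(r["path"]).suffix.lower() or "(none)" for r in records)
    encrypted = [r for r in records if r["looks_encrypted"] or r["suspect_extension"]]
    candidates = sorted((r for r in encrypted if r["free_decrypt_candidate"]), key=lambda r: r["size"])
    return {
        "total_files": len(records),
        "by_extension": dict(by_extension),
        "encrypted_files": len(encrypted),
        # Smallest first: the one free decryption should be spent on a small file, not a large photo.
        "free_decrypt_candidates": [str(Path(r["path"]).relative_to(root)) for r in candidates],
    }


def build_sample_tree(root: Path) -> None:
    """Constructed sample data standing in for the poster's photo folder (not real victim files)."""
    root.mkdir(parents=True, exist_ok=True)
    (root / "IMG_0001.jpg.ccc").write_bytes(os.urandom(8192))          # encrypted photo (random bytes)
    (root / "note.txt.ccc").write_bytes(os.urandom(2048))              # small encrypted file
    (root / "IMG_0002.jpg").write_bytes(JPEG_MAGIC + b"\x00" * 4000)   # untouched photo
    (root / "readme.txt").write_bytes(b"photos from 2013-2015\n" * 100)  # plain text


def demo() -> dict:
    """Build the constructed tree in a temp dir, triage it, and check that copying keeps bytes intact."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "photos"
        build_sample_tree(sample)
        result = triage(sample)
        result["copy_intact"] = copy_preserves_content(sample / "note.txt.ccc", Path(tmp) / "external")
        return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it against the real copied folder by calling `triage(Path("/path/to/copied/photos"))`. The entropy heuristic is a triage aid, not proof: it cannot tell you which ransomware family produced the files, which is the question the thread keeps coming back to, and files it flags should be kept as-is (hash them, copy them, never rename or "clean" them) until a decryptor for the identified variant exists.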
12-02-2015 , 10:41 AM
Quote:
Originally Posted by thunderbolts
So the messages quoted in your latest post suggest this is a variant of CryptoWall, although the picture you posted above was missing the reference that I think would ordinarily appear on the first line (after RSA 2048). So this may be CryptoWall (most recent version, particularly nasty, is 4.0) or it may be something ripped off from or pretending to be CryptoWall.

You could try reading this for more information - try to work out if what you're seeing matches any of these variants of the ransomware. Knowing exactly what you're dealing with would be an advantage. Note that although that link includes a removal guide it's about removing the virus not decrypting the files. Note too that I have no idea how legitimate or accurate it is; Google is your friend here.

Having said all that, it strikes me that you almost certainly face a stark decision: you either risk $1000 in the next few days in the hope that it will secure for you a working decryption key; or you move on.

I think the recommended approach is generally not to pay: there are no guarantees and even if you do get a result you're only encouraging this malicious business model to propagate.

Having said that, if you absolutely have to get these files back, and assuming you can't quickly identify the ransomware as something where the encryption has been cracked, then your best shot probably would be to pay. Decrypting a test file may reassure you about the key being available, but who's to say that it won't result in worse consequences for you?

The only other option I can think of is that if you hang on to your copies of the encrypted files, you might in future be fortunate enough that a decryption key is published.

In short, you need to decide what to do here and embrace your decision (with all the risks and benefits it offers). Procrastinating is not helping you.
First off, I want to thank you for taking the time to reply and offer up so much information and advice. I really appreciate the efforts you have made to try to help me with this.

As for possibly paying the ransom, I have to mention that coming up with anything close to $500 right now would be extremely difficult and completely unrealistic, as I just moved in to a new place less than a month ago and I still owe the landlord $350 of the $700 security deposit, because I did not have enough cash to cover it. So, that's just not even a realistic consideration right now. However, I do actually have like $45 in a friend's PayPal account that I thought about trying to offer up as a negotiated payment amount. I realize that $45 is likely going to be laughed at by someone expecting $500-$1,000, but being that I do not have the means to realistically even try to pay anything close to that amount, I was thinking/hoping that they might look at it as any amount of money (even the relatively small amount of $45) is better than no money at all.

I also want to acknowledge and fully agree that my procrastination is not good; but this stuff is seriously stressful to me to deal with/even think about, and I honestly am not sure what I should be trying to do about this right now. I pretty much feel overwhelmed with this situation and I don't know what I should be doing to try to resolve it.

Also, I actually started a thread on this on 4Chan last night (likely, at least somewhat foolish, I know) on the /g/ board, in hopes of getting some helpful replies. I will post a link to it and hope that it is allowed, and that the thread will also stay up long enough for you to check it out, if you'd like to.

Here's the link to the thread on their Technology board: https://boards.4chan.org/g/thread/51643257

And for the record, while likely being at least somewhat foolish (because of the many smartass, immature people who often post on there), I chose to post on there because of the amount of traffic that is often active on there. Plus, there are some very knowledgeable people who post there, so I was hoping to try to get some legitimately helpful advice/ideas/information.

If you feel like checking out that thread, please feel free to do so. There are quite a few replies, as the thread has been open for about 5-6 hours now. And, either way, again, please know that I genuinely appreciate the efforts of the people who are truly trying to help me, like yourself!
12-03-2015 , 08:45 AM
For the record I think your chances of negotiating a price here are vanishingly small. All the chips are stacked against you here. Have you searched online for others' experiences in that respect (although of course you must assume that anyone else was dealing with different crooks)?

You would be better off finding someone who can confirm for you whether preserving a copy of the encrypted files will leave you an opportunity to decrypt them in future if the encryption is cracked by someone. I assume this will be the case - but can't emphasise enough that there is still no guarantee that the encryption will be cracked.

Last, I haven't read your thread on 4chan, not least as that's one site I can't click on from work, but I'm still not seeing any evidence of you engaging with a key question that I've mentioned before. Have you worked out yet which ransomware this is (and which variant)? With the greatest respect you seem to be repeating your general cry for help without adding the details that would help people give you more focused advice.
12-04-2015 , 01:47 AM
OP's posts on 4chan are similar to here, kind of generic pleas for an easy way to decrypt everything.

Someone on there seems to think he has TeslaCrypt, which actually doesn't use the encryption it claims, and is possibly fixable. But I dunno why they think that, as I'm not sure how to distinguish between the two since one is essentially a copy of the other.
http://blogs.cisco.com/security/talos/teslacrypt