Well I wanted to give everyone an update on my situation...

Thanks to the help and guidance of the members of this community I was able to use localbitcoins to find a seller.
I met up with him, "VenturaCountyExchange" on localbitcoins.com, and he turned out to be a great person.
The transaction went very smoothly and he made it a lot less stressful than I thought it would be.

With my .85 of a bitcoin I made the transfer to the hackers. In return they linked me to the specific decrypt program for the locked files on my clients computer.
We tested out the program on a non connected computer and while it was flagged by security essentials as a virus, the program looked legit and nothing to suspicious about it. We then unzipped the file on his computer and began to run the software.

CURRENTLY it is working, each file is being unlocked.


In summary I want to thank you all. I also do not encourage anyone to pay these people if it happens to you.
I think it is a shitty thing to have to pay 550$ and give them a gain for doing what they are doing.
However that was not my decision and I guess I must give them credit for at least being honorable in delivering on the promise to reverse the encryption.

In the end it is a lesson to always keep cold and current backups of all data of every user with a computer as there are so many of these viruses out there.

Could have been much worse, thank you for helping me along the journey.
 
Today I am the hero lol for now....

program is still running  




special thanks to BurtW!!!

Yes, I even emailed their support a page of details and information to try and get them to increase my max. I received one word and a URL as a response, directing me to their FAQ that states the levels of an account determine your max deposit. Level one max is $78 dollars. After a couple weeks you can deposit more than $78

Again. not the removal part, we removed it in less than 10 mins. Locked files are the key, It will take that nerd (In theory) longer than the universe has existed to crack said encryption. Don't have that kind of time. All I need are the files since there are no backups. Computer would be trashed afterwards. Trust me... I have told them a million times to tell the user we should not pay the ransom, and they are insisting if its possible to try, then try we shall. From their point I totally understand. The guy needs his files, the files and his time and worth much more than the .79 bitcoin




Yes you have pretty much summed it up for me, and thank you, i'm forward this to my boss because he just doesn't get the concept that his card won't work to buy something. Anyone willing to take an AMEX Blackcard lol seriously tho.. what you're saying makes perfect sense.  



Still I can't buy gift card with a company credit card or any credit card for that matter. I'm not prepared to spend 600 bucks of personal cash for the company, if I get to that point, i'll pm you. Working to get cash from them now, but as with most companies, shit tends to get done slowly. The more I post the more I understand the beware of scammers thing, from both ends. My posts deff seem sketchy af. Yes, if I was buying a bitcoin you're right it wouldn't be hard! At this point i'm no longer trying to buy a bitcoin until they give me a different method for the transaction. Deff got a good education, and will be around here doing some further learning!

Thank you everyone for the help. Should have explained, but yes the problem isn't getting the virus off, but the fact that the files are locked, and while likely that even if .79 Bitcoin ransom was paid doesn't mean files will be unlocked, from a business sense on their end it is worth the risk. same as when they kept giving me the okay to enter their CC info on websites that I felt were very sketchy.

Also should have stated I am in Southern California.
Again thanks everyone for the input and messages, seems like I will probably not be purchasing a bitcoin in the time I have been allotted with the options my company has given me.
Will still be interested in diving more into this as I go along, or seeing if I come up with any last minute revelations lol who would ever thought it would be this hard to buy a virtual coin!

not mine. Its an employee, I work IT and am tasked to fix it, basically get his info back at any cost. . Am I correct to understand that I cannot buy a coin with CC because of so many scams/cancelled transactions?
Have been searching the local exchange thing. any other choices?

Goodluck fixing this  

If he had been on carbonite or had a single system restore point on his computer I could get his data back. At this point, super easy to get rid of the virus but every file is encrypted. Meaning none of them are able to open, even once the virus is gone. So basically I have to go on faith and pay them to give me a code. Awesome I know.



New Ransomware CryptoWall Comes With Nasty Twist
There is a new ransomware strain called CryptoWall hitting organizations. Late April, the cyber criminals who developed the CryptoDefense ransomware released a new variant called CryptoWall. This strain is for the most part the same as CryptoDefense except another brand name, different filenames for the ransom instructions, and a whole new attack vector.

IT security pundits speculated that either the criminals released a new version because CryptoDefense was being blocked by endpoint protection software, or that they sold their source code to another cyber mafia. The bad news is that the earlier vulnerability of CryptoDefense has been fixed and you can no longer yourself decrypt files that are encrypted by CryptoWall.

This puppy comes with a nasty twist though, it no longer requires a user to open an infected attachment, but uses a fresh vulnerability in Java. Malicious advertisements on domains belonging to Disney, Facebook, The Guardian newspaper and many others are leading people to sites that are CryptoWall infected and encrypt their drives. There is a massive attack reported by Cisco, and they have a heatmap with the countries primarily targeted. The US is, predictably, the most affected, with the UK coming in second. Map at the KnowBe4 Blog:
http://blog.knowbe4.com/bid/388403/New-Ransomware-CryptoWall-Comes-With-A-Twist

Since Cisco began blocking the attacks on April 24, its researchers said they had blocked requests to over 90 infected web domains for more than 17 percent of its cloud-security customer base. Mind you, Cisco's customer base for their cloud web security is really large, so 17% is big numbers.

In the mean time, back at the ranch, ransomware grand-daddy CryptoLocker has continued to improve the quality of its spear-phishing attacks with fake fax announcement messages that start to look very real. They also improved their marketing, as the latest version provides a new feature which is a button that gives you the chance to "Decrypt 1 file for FREE" and is fully functional. Oh Joy.

Yes, the CryptoLocker network was taken over by the Feds last week, but there are three competing gangs, and cyber criminals more than anyone build their systems to be robust, redundant and fault-tolerant because they know from the get-go they will be shut down sooner rather than later. They do not go away, they get mad and come back with an even more resilient malware version.

It's a very good idea to step your end-users through effective Kevin Mitnick Security Awareness Training. You can get a free quote to find out how much this would be for your organization. You'll be pleasantly surprised how affordable this is, and this month it comes with an innovative crypto-ransom offer you will like:
http://info.knowbe4.com/we-will-pay-your-crypto-ransom

If your network gets hit with this, look at time stamps and owner(s) of the decrypt_instructions files that were loaded to the (mapped) drives. That's how you can identify which workstation it originally came from and (re-)train the user. Reformat/reimage their PC (a.k.a. "nuke from orbit") and restore all the directories that have those encrypted files. Do a restore from a backup prior to the date you see listed on the file creations.

In case you do not have recent backups, pay the ransom and hope for the best. Surprisingly these criminals do their best to decrypt your files, it's their "reputation" after all! But do not waste a crisis like this and use it to your advantage. Strengthen your policies and IT Best Practices. Keep your systems patched and your users on their toes with security top of mind!

I need to buy 1 coin or .79 of one coin to unlock the latest CryptoWall Virus on a employee computer. There is no other solution then to try paying them to release his files. he had no back up or restore points

I am trying to buy 1 coin using American Express Business card.

Tried Virwox- max 78$ deposit - doubtful they would let me deposit multiple times

Coinmama- doesn't seem to allow us users
Coin.mx- really doesn't seem legit and also doesn't accept AMEX

Anyone have any other suggestions? may have to find an in person exchange for $700 - 1 btc locally.

Any help greatly appreciated.

Thanks.