Ransomware

Moderators: Roman_TS, Maxim_TS, Filipp_TS

User avatar
Garry_TS
Site Admin
Posts: 36
Joined: 06.05.14
Reputation: 4 / (35)

Ransomware

Postby Garry_TS » 10.03.17, 15:55

There are situations in data recovery when you are able to open a folders tree, but files can't be opened.
There is no shifts caused by translator damage, no software encryption like EFS.

You are beating brain under this problem, but if take a closer look you will see the answer. It's ransomware.

What are the signs of ransomware?

All file structure can be opened, but files can't be.

If you will check first sector of JPG there will be something like:

Image

Also, usually there is a specific file in root of partition or home catalog:

Image

When you open it you will see something like

Image

For example, in case from picture there was a Spora ransomware which encrypts files with .xls, .doc, .xlsx, .docx, .rtf, .odt, .pdf, .psd, .dwg, .cdr, .cd, .mdb, .1cd, .dbf, .sqlite, .accdb, .jpg, .jpeg, .tiff, .zip, .rar, .7z, .backup extensions and doesn't change names of files.

Is there any solution ?

For now, there is no solution from ACELab because it's not our business specialization.

I recommend to check special resources like NoRansom from Kaspersky Lab and ID Ransomware from Malware Hunter Team and google for detailed info about your type of ransomware and possible decryptors.

How can I protect from ransomware

* Make a regular backups
* Use anti-virus software
* Do not open suspicious attachements

User avatar
Amarbir[CDR-Labs]
Advanced user
Posts: 785
Joined: 03.08.09
Reputation: 8 / (80)

Re: Ransomware

Postby Amarbir[CDR-Labs] » 12.03.17, 17:16

Thanks Pavel,
I do not take any ransomeware cases myself
Regards
Amarbir S Dhillon ,CDR Labs [ Chandigarh ,India ]
DataRecovery - The Affordable Way In India
Visit - > http://www.chandigarhdatarecovery.com My Facebook - > https://www.facebook.com/chandigarhdatarecovery

User avatar
cuumaytinh
New user
Posts: 57
Joined: 19.08.13
Reputation: 2 / (19)

Re: Ransomware

Postby cuumaytinh » 19.10.19, 05:24

With ramsoware there's no way except that you have the key to decode. Some ransoware only encodes the first few sectors first. but most of it will encrypt the whole file.


net2
Newbie
Posts: 13
Joined: 17.11.19
Reputation: 0 / (1)

Re: Ransomware

Postby net2 » 19.09.21, 01:17

Excellent article Garry, thank you. :thumbup:

OPEN QUESTION: Why are some labs offering ransomware recovery? do they just intermediate between customer and Hacker? :shockable:

User avatar
arvika
New user
Posts: 80
Joined: 14.10.09
Reputation: 2 / (23)

Re: Ransomware

Postby arvika » 21.12.21, 00:12

net2 wrote:Source of the post Excellent article Garry, thank you. :thumbup:

OPEN QUESTION: Why are some labs offering ransomware recovery? do they just intermediate between customer and Hacker? :shockable:


No. They develop solutions recovery from some type of ransomware.
Flash Killer - everyday new resources (pinout, XOR, ECC,config) for flash devices

User avatar
Amarbir[CDR-Labs]
Advanced user
Posts: 785
Joined: 03.08.09
Reputation: 8 / (80)

Re: Ransomware

Postby Amarbir[CDR-Labs] » 30.12.21, 16:16

net2 wrote:Source of the post Excellent article Garry, thank you. :thumbup:

OPEN QUESTION: Why are some labs offering ransomware recovery? do they just intermediate between customer and Hacker? :shockable:


Well,
I do not agree to above post .Mostly they are repairing videos photos and databases based on stop.djvu ransomeware .Yes they act as intermediaries also between party and hacker
Regards
Amarbir S Dhillon ,CDR Labs [ Chandigarh ,India ]
DataRecovery - The Affordable Way In India
Visit - > http://www.chandigarhdatarecovery.com My Facebook - > https://www.facebook.com/chandigarhdatarecovery


Return to “F.A.Q”

Who is online

Users browsing this forum: No registered users and 1 guest