Ransomware

Moderators: Roman_TS, Maxim_TS, Filipp_TS

Garry_TS
Site Admin
Posts: 36
Joined: 06.05.14
Reputation: 4 / (35)

Ransomware

Postby Garry_TS » 10.03.17, 17:55

There are situations in data recovery when you are able to open the folder tree, but the files can't be opened.
There are no shifts caused by translator damage and no software encryption like EFS.

You are racking your brain over this problem, but if you take a closer look you will see the answer. It's ransomware.

What are the signs of ransomware?

The whole file structure can be opened, but the files can't be.

If you check the first sector of a JPG, there will be something like:

Image

Also, there is usually a specific file in the root of the partition or in the home directory:

Image

When you open it, you will see something like:

Image

For example, in the case from the picture it was Spora ransomware, which encrypts files with the .xls, .doc, .xlsx, .docx, .rtf, .odt, .pdf, .psd, .dwg, .cdr, .cd, .mdb, .1cd, .dbf, .sqlite, .accdb, .jpg, .jpeg, .tiff, .zip, .rar, .7z, .backup extensions and doesn't change the file names.

Is there any solution?

For now, there is no solution from ACELab because it's not our business specialization.

I recommend checking special resources like NoRansom from Kaspersky Lab and ID Ransomware from Malware Hunter Team, and googling for detailed info about your type of ransomware and possible decryptors.

How can I protect myself from ransomware?

* Make regular backups
* Use anti-virus software
* Do not open suspicious attachments
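The first-sector check described in the post above, as an added triage example that is not part of the original post: it compares each file's leading bytes with the signature expected for its extension and uses the entropy of that sector to separate likely encryption from other damage. The signature table covers only some of the listed extensions, and the 7.0 threshold and verdict names are assumptions.

```python
import math
import os
from collections import Counter

SECTOR = 512
HIGH_ENTROPY = 7.0  # assumed cut-off, in bits per byte, for a single sector
ZIP, OLE2 = b"PK\x03\x04", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Leading signatures for some of the extensions listed in the post.
MAGIC = {
    ".jpg": [b"\xff\xd8\xff"], ".jpeg": [b"\xff\xd8\xff"], ".pdf": [b"%PDF-"],
    ".tiff": [b"II*\x00", b"MM\x00*"], ".psd": [b"8BPS"], ".rtf": [b"{\\rtf"],
    ".zip": [ZIP], ".docx": [ZIP], ".xlsx": [ZIP], ".odt": [ZIP],
    ".doc": [OLE2], ".xls": [OLE2], ".rar": [b"Rar!\x1a\x07"],
    ".7z": [b"7z\xbc\xaf\x27\x1c"], ".sqlite": [b"SQLite format 3\x00"],
}

def entropy(data):
    """Shannon entropy in bits per byte (0 for empty input, at most 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name, sector):
    """Verdict for one file, from its name and its first sector."""
    sigs = MAGIC.get(os.path.splitext(name)[1].lower())
    if sigs is None:
        return "unknown-type"
    if any(sector.startswith(s) for s in sigs):
        return "header-ok"
    # Wrong header: random-looking bytes suggest encryption, low entropy suggests damage.
    return "likely-encrypted" if entropy(sector) >= HIGH_ENTROPY else "header-mismatch"

def scan(root):
    """Count verdicts for every file under root, reading one sector per file."""
    totals = {}
    for folder, _, files in os.walk(root):
        for name in files:
            try:
                with open(os.path.join(folder, name), "rb") as fh:
                    verdict = classify(name, fh.read(SECTOR))
            except OSError:
                verdict = "unreadable"
            totals[verdict] = totals.get(verdict, 0) + 1
    return totals

# Constructed samples: a JPEG-style header, and a uniform byte mix standing in for ciphertext.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 501
SAMPLE_CIPHER = bytes((i * 167 + 13) % 256 for i in range(SECTOR))

if __name__ == "__main__":
    print(classify("a.jpg", SAMPLE_JPEG), classify("a.jpg", SAMPLE_CIPHER))
```

`scan(root)` reads only one sector per file, so it is cheap to run against a mounted copy of the recovered partition.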

Amarbir[CDR-Labs]
Advanced user
Posts: 706
Joined: 03.08.09
Reputation: 7 / (73)

Re: Ransomware

Postby Amarbir[CDR-Labs] » 12.03.17, 19:16

Thanks Pavel,
I do not take any ransomware cases myself.
Regards
Amarbir S Dhillon ,CDR Labs [ Chandigarh ,India ]
DataRecovery - The Affordable Way In India
Visit - > http://www.chandigarhdatarecovery.com My Facebook - > https://www.facebook.com/chandigarhdatarecovery

cuumaytinh
New user
Posts: 55
Joined: 19.08.13
Reputation: 2 / (19)

Re: Ransomware

Postby cuumaytinh » 19.10.19, 06:24

With ransomware there's no way unless you have the key to decode. Some ransomware only encodes the first few sectors first, but most of it will encrypt the whole file.

