Hello all,
A windows computer of a client has been infected with a Ransomware Virus. The result ist that all his personnal files and the files of a connected Flexshare have been crypted... Grrrrr
It seems that the virus, for each file, made a crypted copy and deleted the originals. Is there a possible way to recover these deleted files like an "undelete" (the Recycle Bin was not activate) ...
Unfortunately, the backup files cannot be used (too old)
Per advance, I thank you very much for your help
Kind REgards
A windows computer of a client has been infected with a Ransomware Virus. The result ist that all his personnal files and the files of a connected Flexshare have been crypted... Grrrrr
It seems that the virus, for each file, made a crypted copy and deleted the originals. Is there a possible way to recover these deleted files like an "undelete" (the Recycle Bin was not activate) ...
Unfortunately, the backup files cannot be used (too old)
Per advance, I thank you very much for your help
Kind REgards
Share this post:
Responses (4)
-
Accepted Answer
-
Accepted Answer
I am surprised there is no .trash. I thought they were there by default (I don't use flexshares). Do a "locate .trash --basename".
The same comment applies for ClearOS. If you are looking to recover files it is best to take it offline.
Please google ransomeware solutions as well.
[edit]
The default .trash may be at top level of the filesystem and common to all shares.
[/edit] -
Accepted Answer
-
Accepted Answer
If the files were on flexshares, with something like WinSCP have a look on the server at for .trash folders which are probably at the top of any flexshare path.
If the files were on the PC you may have a chance or recovering old files. To do this take the PC offline and remove the disk. Work on the disk from another PC, or, even better, a copy of the disk from another PC. The more the original PC is on, the more chance it has of overwriting the deleted files which is bad.
A while ago on some security forum I bumped into, I noticed that they had found a way to recover some/all files. Presumably this is with a particular version to the ransomware, but I don't know.
[edit]
Try googling "recover ransomeware".
[/edit]
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »