
How to safely format an HDD with ransomware

tomytoka

Hi, I found a 3TB green WD drive at my dad's office and I want to format it in a safe way. How can I do it?


1 minute ago, tomytoka said:

Hi, I found a 3TB green WD drive at my dad's office and I want to format it in a safe way. How can I do it?

Are you trying to get your dad fired? Do you know how serious it is to remove a hard-drive that has been used by a company? There is a reason why companies have DLP (Data Loss Prevention) and then legal teams that handle those things. What you just did was potentially take confidential company information which is a crime btw.

 

So my advice would be to RETURN it. If you want a hard-drive then buy one.. you can get a 3TB drive new for $50-$60. So why risk your dad's job to save a few bucks?


13 minutes ago, Electronics Wizardy said:

You can just format it. Nothing really special you have to do if you want to reuse it.

Unless it's crazy ransomware that infects the PC you hook it up to or lives in the firmware of the hard drive.


Assuming it's something that's only active when the OS is active you could just plug it into another Windows box and wipe the drive.

 

If it's infectious enough to go after OS's on other disks you could just grab a Windows Installer CD/USB and wipe it that way.

 

Also alternatively you could plug it into a Linux or Mac box and wipe it that way. The ransomware can't migrate to an OS it doesn't have the code to interact with. I would expect the people who wrote this ransomware code for Windows wouldn't have the code in the background to make it compatible with Linux. It wouldn't be worth it to them.


36 minutes ago, Windows7ge said:

Assuming it's something that's only active when the OS is active you could just plug it into another Windows box and wipe the drive.

 

If it's infectious enough to go after OS's on other disks you could just grab a Windows Installer CD/USB and wipe it that way.

 

Also alternatively you could plug it into a Linux or Mac box and wipe it that way. The ransomware can't migrate to an OS it doesn't have the code to interact with. I would expect the people who wrote this ransomware code for Windows wouldn't have the code in the background to make it compatible with Linux. It wouldn't be worth it to them.

Depending on how they have it set up, it wouldn't be that hard to have it work on multiple OSes. Now most of the time they target certain things, but the time to make it work with Linux and Windows isn't much. A few scripts and maybe an executable. In the end, if it is a proper worm it will get the whole machine if you aren't careful.

 

Either way this drive belongs to a company and could have information on it that is either important or sensitive enough he shouldn't be interacting with it. If you see anything then chances are it wasn't even properly encrypted to protect their data. If it was me doing this I would boot a live USB of your flavor of Linux and blow it up from there. If not you could make a Windows boot/tool USB and blow it up and format with GParted.
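
The live-USB route suggested above, as an added example that is not part of any post in this thread: a POSIX shell script that refuses to touch a mounted disk, zeroes the first and last MiB of the target (where the MBR and GPT structures live), and can check the result. Function names are illustrative, `/dev/sdX` is a placeholder for whatever `lsblk` reports for the drive, and an image file can stand in for the disk as a dry run.

```sh
#!/bin/sh
# Added example, not from the thread: clear the partition tables on a data
# drive from a live environment without mounting anything on it.
# Function names are illustrative; pass the whole disk as shown by lsblk.

SECTORS=2048   # 2048 x 512-byte sectors = 1 MiB

# Size in bytes of a block device, or of an image file used for a dry run.
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1" | tr -d ' '; fi
}

# Succeeds if the disk or one of its partitions is listed in /proc/mounts.
is_mounted() {
    [ -r /proc/mounts ] || return 1
    awk -v d="$1" 'index($1, d) == 1 { hit = 1 } END { exit !hit }' /proc/mounts
}

# Zero the first and last MiB. The MBR and primary GPT sit at the start of the
# disk and the backup GPT at the end; everything in between is left untouched
# and still needs a format or a full overwrite afterwards.
wipe_tables() {
    [ -e "$1" ] || { echo "no such target: $1" >&2; return 1; }
    if is_mounted "$1"; then echo "refusing: $1 is mounted" >&2; return 1; fi
    wt_bytes=$(target_size "$1")
    [ -n "$wt_bytes" ] || { echo "cannot read size of $1" >&2; return 1; }
    wt_total=$(( wt_bytes / 512 ))
    if [ "$wt_total" -lt $(( 2 * SECTORS )) ]; then
        echo "refusing: $1 is smaller than 2 MiB" >&2; return 1
    fi
    dd if=/dev/zero of="$1" bs=512 count="$SECTORS" conv=notrunc 2>/dev/null &&
    dd if=/dev/zero of="$1" bs=512 count="$SECTORS" \
       seek=$(( wt_total - SECTORS )) conv=notrunc 2>/dev/null && sync
}

# Succeeds if the 1 MiB region starting at sector $2 reads back as all zeros.
region_is_zero() {
    rz_nonzero=$(dd if="$1" bs=512 skip="$2" count="$SECTORS" 2>/dev/null |
                 tr -d '\000' | wc -c | tr -d ' ')
    [ "$rz_nonzero" -eq 0 ]
}

# Run as: sh wipe_tables.sh /dev/sdX   (sdX is a placeholder)
if [ "$#" -eq 1 ]; then wipe_tables "$1"; fi
```

Nothing on the drive is mounted or executed at any point; the script only writes zeros to raw sectors.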


20 minutes ago, AngryBeaver said:

Either way this drive belongs to a company and could have information on it that is either important or sensitive enough he shouldn't be interacting with it. If you see anything then chances are it wasn't even properly encrypted to protect their data.

I think OP just isn't telling us the whole story. "Dad's office" doesn't immediately mean a large or corporate office that has DLP and legal teams. I could similarly say the same thing. In real life my dad also has an office; I took apart his office computer and put an SSD w/ Windows 10 in it. Nobody actually gave me permission, they were just complaining that it was slow.

 

Now to fill in the blanks:

1. He's the business owner

2. The company only has 3 employees

3. I'm the technician for the network and computers

4. The office is in our home

5. We have no DLP or legal team

 

Jumping to conclusions isn't a good thing. Wait for OP to tell you WHERE exactly the drive came from and his/her affiliation to the company before you explode on them. As of this moment they've only made 5 posts; this isn't a good first impression of the LTT forum.

 

20 minutes ago, AngryBeaver said:

Depending on how they have it set up, it wouldn't be that hard to have it work on multiple OSes. Now most of the time they target certain things, but the time to make it work with Linux and Windows isn't much. A few scripts and maybe an executable. In the end, if it is a proper worm it will get the whole machine if you aren't careful.

 

If it was me doing this I would boot a live USB of your flavor of Linux and blow it up from there. If not you could make a Windows boot/tool USB and blow it up and format with GParted.

That's good to know. Linux on a thumb drive or a Windows Installer on CD (read-only) would probably be the 2 directions I'd go. Whichever was more convenient or within reach.


3 hours ago, Windows7ge said:

I think OP just isn't telling us the whole story. "Dad's office" doesn't immediately mean a large or corporate office that has DLP and legal teams. I could similarly say the same thing. In real life my dad also has an office; I took apart his office computer and put an SSD w/ Windows 10 in it. Nobody actually gave me permission, they were just complaining that it was slow.

 

Now to fill in the blanks:

1. He's the business owner

2. The company only has 3 employees

3. I'm the technician for the network and computers

4. The office is in our home

5. We have no DLP or legal team

 

Jumping to conclusions isn't a good thing. Wait for OP to tell you WHERE exactly the drive came from and his/her affiliation to the company before you explode on them. As of this moment they've only made 5 posts; this isn't a good first impression of the LTT forum.

 

That's good to know. Linux on a thumb drive or a Windows Installer on CD (read-only) would probably be the 2 directions I'd go. Whichever was more convenient or within reach.

The chances of this being his dad's business are low going off his wording.

 

That being said, even if they have no DLP department it is still a very bad idea to remove a company-owned drive for any reason.

 

If you did this at my company for example... then termination paperwork would be drawn up and the police would be waiting for you.

 

My point was that removing any type of storage media is a serious thing and proper approval and channels would need to be followed. This being a drive hit with ransomware would make it more so imo.

 

 


48 minutes ago, AngryBeaver said:

The chances of this being his dad's business are low going off his wording.

 

That being said, even if they have no DLP department it is still a very bad idea to remove a company-owned drive for any reason.

 

If you did this at my company for example... then termination paperwork would be drawn up and the police would be waiting for you.

 

My point was that removing any type of storage media is a serious thing and proper approval and channels would need to be followed. This being a drive hit with ransomware would make it more so imo.

 

If you work for a large corporate-like business or a school/college then yes, all of your points are valid.

 

If it's just a little ma & pa type business or a little computer shop then none of your points apply.

 

We don't know. OP has to clarify.


I didn't want to explain how I got the drive (I thought it wasn't important) but ok: my dad had a company and the drive was from a server. The company closed, and when I was helping my dad clean all the things left from the company I found the drive that said ransomware. I asked him if I could keep it and he said yes, so I have the permission from the owner (it's my dad) and the company doesn't exist anymore. They were going to throw the drive away, so instead of generating more e-waste I wanted to try to keep it and find a use for it.


You need to quote or @ people if you want them to see your response.

1 hour ago, tomytoka said:

I didn't want to explain how I got the drive (I thought it wasn't important) but ok: my dad had a company and the drive was from a server. The company closed, and when I was helping my dad clean all the things left from the company I found the drive that said ransomware. I asked him if I could keep it and he said yes, so I have the permission from the owner (it's my dad) and the company doesn't exist anymore. They were going to throw the drive away, so instead of generating more e-waste I wanted to try to keep it and find a use for it.

@AngryBeaver This is why jumping to conclusions is bad.
