
Had a relative call me up with a PC question, long story short there was some kind of ransomware doing its thing and encrypting files in their drive so I had them pull the plug immediately. So now the question is where do I tell them to take it for recovery? I have no idea how far the drive encryption progressed but it hasn't been turned on since then. System is an ancient machine with like 8 external hard drives hooked up to it with mostly family photos which are mostly redundant copies or slightly different versions of each other. I'm not about to go dig into this myself so -

Is there anywhere recommendable in Florida that could totally or partially recover the files from the drives? And will also not scam a grandma like a sleazy mechanic. Personal experience if you have any. I was recommended Datacillin but that would mean putting hard drives in the mail to NY and I really don't want to be on the hook when USPS loses them. Instead they have time to drive it somewhere themselves for a day.

https://linustechtips.com/topic/1612719-reputable-data-recovery-in-fl/

If the files are encrypted and there's no known weakness in the particular malware, there's virtually no way to recover the files that are already encrypted. If you know what malware it is, you could try searching whether its decryption key is known.

 

Easiest way to recover files that aren't already encrypted should be booting from a live Linux USB-image and copying them somewhere else. Though be wary of anything you copy, since it might be infected by the malware, particularly executable files. If you copy these to another Windows system and run them, it could become infected in turn. The chances of it infecting a Linux system are considerably smaller, though non-zero.

 

Best chance of recovery would be a backup (they already have), from a medium that isn't permanently connected to the system. I assume this is not something they have right now, but something I would strongly recommend they do going forward.

Remember to either quote or @mention others, so they are notified of your reply

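An added example, not part of any post in this thread: one way to do the copy step described in the reply above from a live Linux session, keeping only photos whose leading bytes still match their file type and leaving executables behind. The function names and the sample files in `demo()` are constructed for illustration; in practice `triage()` would be pointed at a read-only mount of the affected drive and at a clean destination disk.

```python
import os, shutil, tempfile

# Leading bytes expected for common photo formats (extension -> magic prefixes).
PHOTO_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
}
EXEC_MAGIC = (b"MZ", b"\x7fELF")  # Windows PE and Linux ELF executables

def classify(path):
    """Return 'intact', 'suspect' or 'skip' for one file (hypothetical helper)."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    ext = os.path.splitext(path)[1].lower()
    if head.startswith(EXEC_MAGIC):
        return "skip"      # never carry executables over, whatever the extension
    if ext not in PHOTO_MAGIC:
        return "skip"      # unknown type, including ransomware-renamed files
    return "intact" if head.startswith(PHOTO_MAGIC[ext]) else "suspect"

def triage(src_root, dst_root):
    """Copy intact photos from src_root to dst_root; return a report dict."""
    report = {"intact": [], "suspect": [], "skip": []}
    for folder, _dirs, files in os.walk(src_root):
        for name in files:
            src = os.path.join(folder, name)
            rel = os.path.relpath(src, src_root)
            try:
                verdict = classify(src)
            except OSError:
                verdict = "skip"   # unreadable file: leave it on the source
            report[verdict].append(rel)
            if verdict == "intact":
                dst = os.path.join(dst_root, rel)
                os.makedirs(os.path.dirname(dst), exist_ok=True)
                shutil.copyfile(src, dst)  # data only, no permission bits
    return report

def demo():
    """Run the triage over a constructed sample tree (not real user data)."""
    src, dst = tempfile.mkdtemp(), tempfile.mkdtemp()
    samples = {"ok.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 16,  # valid JPEG header
               "locked.jpg": bytes(range(7, 27)),            # header overwritten
               "setup.exe": b"MZ\x90\x00",                   # PE executable
               "fake.png": b"MZ\x90\x00"}                    # executable posing as image
    for name, data in samples.items():
        with open(os.path.join(src, name), "wb") as fh:
            fh.write(data)
    return triage(src, dst), dst
```

A matching header only shows the start of the file is untouched, so files reported as intact should still be opened and checked on the clean machine before the originals are wiped.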

8 hours ago, Eigenvektor said:

If the files are encrypted and there's no known weakness in the particular malware, there's virtually no way to recover the files that are already encrypted. If you know what malware it is, you could try searching whether its decryption key is known.

 

Easiest way to recover files that aren't already encrypted should be booting from a live Linux USB-image and copying them somewhere else. Though be wary of anything you copy, since it might be infected by the malware, particularly executable files. If you copy these to another Windows system and run them, it could become infected in turn. The chances of it infecting a Linux system are considerably smaller, though non-zero.

 

Best chance of recovery would be a backup (they already have), from a medium that isn't permanently connected to the system. I assume this is not something they have right now, but something I would strongly recommend they do going forward.

Again I'm not going to fly over there to set it up. I need someone else to recover anything that isn't encrypted without also spreading it. They had "backups" by copy-pasting files to multiple drives, but all drives were left connected so it's moot 😕
