Ransomware Encryption Virus

pclab

Moderator
Hey Guys

How's your investigation into these cases?
I was told that a RAW recovery could be made to get the data.
I have a guinea pig here now to test and play with during the weekend.

Cheers
 

lcoughey

Moderator
Find out how much the ransom costs, mark it up, quote the client, pay the ransom, decrypt the drive and tell the client that you recovered their data. Personally, I'm not really interested in getting into this... what happens if the paid-for software has something in it to infect your systems and network?
 

pclab

Moderator
Well, I will do this on a "disposable" computer, so no problems with that.
If I can provide a cheaper solution to a client, he will probably accept that, better than paying 600€....
 

Jared

Administrator
Staff member
Yeah, RAW recoveries rarely ever find a useful amount of data. Even though these viruses create a new encrypted file first then delete the original, they overwrite most as they move on to the next file, and the next... I was doing these for a while at my regular software recovery rate but I had to stop. The customers are never happy with the result so they don't want to pay afterward, or they ask for some crazy discount because of the small amount of actual recovered data.

Now when people ask, I just point them to the software section on my site, tell them to download a demo appropriate to their OS and see what it finds. At least I can make a $20 commission that way and not waste my time.
 