pclab
Forum Moderator
Posts: 1591
Joined: Tue Jan 13, 2015 4:55 pm

Ransomware Encryption Virus

Thu Oct 29, 2015 8:23 am

Hey Guys

How's your investigation into these cases?
I was told that a RAW recovery could be made to get the data.
I have a guinea pig here now to test and play with during the weekend.

Cheers
www.pclab.com.pt
facebook.com/PCLAB.Assistencia.Tecnica

lcoughey
Forum Moderator
Posts: 581
Joined: Mon Jan 12, 2015 12:46 pm
Location: Ontario, Canada

Re: Ransomware Encryption Virus

Thu Oct 29, 2015 10:50 am

Find out how much the ransom costs, mark it up, quote the client, pay the ransom, decrypt the drive and tell the client that you recovered their data. Personally, I'm not really interested in getting into this... what happens if the paid-for software has something in it to infect your systems and network?

pclab
Forum Moderator
Posts: 1591
Joined: Tue Jan 13, 2015 4:55 pm

Re: Ransomware Encryption Virus

Thu Oct 29, 2015 11:55 am

Well, I will do this on a "disposable" computer, so no problems with that.
If I can provide a cheaper solution to a client, he will probably accept that, better than paying 600€...
www.pclab.com.pt
facebook.com/PCLAB.Assistencia.Tecnica

Jared
Forum Admin
Posts: 3492
Joined: Mon Jan 12, 2015 12:32 pm
Location: Providence, RI

Thu Oct 29, 2015 12:24 pm

Yeah, RAW recoveries rarely ever find a useful amount of data. Even though these viruses create a new encrypted file first then delete the original, they overwrite most as they move on to the next file, and the next... I was doing these for a while at my regular software recovery rate but I had to stop. The customers are never happy with the result so they don't want to pay afterward, or they ask for some crazy discount because of the small amount of actual recovered data.

Now when people ask, I just point them to the software section on my site, tell them to download a demo appropriate to their OS and see what it finds. At least I can make a $20 commission that way and not waste my time.
