# What a recovery!



## zadiac (2/2/22)

Just finished re-installing everything. Still busy with hard drive recovery operations. Had a little ransomware attack yesterday. Lost everything. Backup drives were plugged in as I was actually busy doing backups when the ransomware hit. Couldn't remove the drives fast enough. 25 years of studio recording data, video projects, photos, videos and other stuff gone. You could boil an egg in my ass. The language and words that I uttered probably paved my road to hell completely. I've never been so angry in my life.
Managed to recover most of my emails, but not the most recent. Lucky most of it was backed up on Gmail.

Reactions: Winner 2 | Can relate 1


----------



## Intuthu Kagesi (2/2/22)

Ouch! ... time for a firewall methinks ... even an old PC with Linux and NAT, with some random port remapping is better than a kick in the butt, (_not unlike what you received_) ... throw in a honeypot and you're set
Glad you recovered the lion's share tho'

Reactions: Agree 1 | Winner 1


----------



## Rob Fisher (2/2/22)

So sorry @zadiac! Not lekker at all!

Reactions: Agree 4


----------



## Raindance (2/2/22)

zadiac said:


> Just finished re-installing everything. Still busy with hard drive recovery operations. Had a little ransomware attack yesterday. Lost everything. Backup drives were plugged in as I was actually busy doing backups when the ransomware hit. Couldn't remove the drives fast enough. 25 years of studio recording data, video projects, photos, videos and other stuff gone. You could boil an egg in my ass. The language and words that I uttered probably paved my road to hell completely. I've never been so angry in my life.
> Managed to recover most of my emails, but not the most recent. Lucky most of it was backed up on Gmail.


Glad you managed to recover from that with little loss.

Regards

Reactions: Agree 2 | Winner 1 | Can relate 1


----------



## zadiac (3/2/22)

Intuthu Kagesi said:


> Ouch! ... time for a firewall methinks ... even an old PC with Linux and NAT, with some random port remapping is better than a kick in the butt, (_not unlike what you received_) ... throw in a honeypot and you're set
> Glad you recovered the lion's share tho'



I was running two firewalls and it still came through. That's the price for running only Windows AV instead of a proper one. Bought Bitdefender now and making use of its VPN as well. Can't figure out how it happened. Afaik, the moment you run software infected with ransomware, it activates immediately. I haven't downloaded or installed software in weeks or opened unknown emails.
So far, only emails recovered. Still looking for software to recover lost work. So far, all recovery software recovers a lot of files, but they don't retain the filenames and folder structure, and I need that. Without the filenames and folder structure, the recovered files are useless to me.
Only program that does that is DiskGenius, but I don't have a registered one. It's expensive. It retains the file names and folder structure, but puts a watermark on photos and videos if it's not registered.

Reactions: Like 1 | Winner 1 | Informative 1


----------



## Intuthu Kagesi (3/2/22)

zadiac said:


> I was running two firewalls and it still came through. That's the price for running only Windows AV instead of a proper one. Bought Bitdefender now and making use of its VPN as well. Can't figure out how it happened. Afaik, the moment you run software infected with ransomware, it activates immediately. I haven't downloaded or installed software in weeks or opened unknown emails.
> So far, only emails recovered. Still looking for software to recover lost work. So far, all recovery software recovers a lot of files, but they don't retain the filenames and folder structure, and I need that. Without the filenames and folder structure, the recovered files are useless to me.
> Only program that does that is DiskGenius, but I don't have a registered one. It's expensive. It retains the file names and folder structure, but puts a watermark on photos and videos if it's not registered.



Shoooooweeeeeeeeee ... that's a lil' concerning ... here I am thinking my firewall and antivirus, (_Trend on Windoze PCs and Comodo on Linux_), has me covered, safe to say that I run daily backups on a CRON, but after hearing of your attack, think I'm going to dismount my array between use as an additional precaution.
Hope you come right with your file recovery.

Reactions: Like 1 | Winner 1


----------



## Christos (3/2/22)

Intuthu Kagesi said:


> Shoooooweeeeeeeeee ... that's a lil' concerning ... here I am thinking my firewall and antivirus, (_Trend on Windoze PCs and Comodo on Linux_), has me covered, safe to say that I run daily backups on a CRON, but after hearing of your attack, think I'm going to dismount my array between use as an additional precaution.
> Hope you come right with your file recovery.


Simpler solution would be to have a cloud backup and start again fresh if you get infected. 

I see it like getting a flat tire, it’s going to happen, you just don’t know when!

Reactions: Like 1 | Winner 2


----------



## Intuthu Kagesi (3/2/22)

Christos said:


> Simpler solution would be to have a cloud backup and start again fresh if you get infected.
> 
> I see it like getting a flat tire, it’s going to happen, you just don’t know when!



I do local backups ... I trust cloud security as much as I trust the ANC ... Your point is valid tho' ... BACKUP your device(s)!

Reactions: Funny 1


----------



## zadiac (5/2/22)

Intuthu Kagesi said:


> Shoooooweeeeeeeeee ... that's a lil' concerning ... here I am thinking my firewall and antivirus, (_Trend on Windoze PCs and Comodo on Linux_), has me covered, safe to say that I run daily backups on a CRON, but after hearing of your attack, think I'm going to dismount my array between use as an additional precaution.
> Hope you come right with your file recovery.



I was actually busy doing backups at the time, so both my backup drives were connected to the PC. I couldn't unplug them fast enough, so both of them were infected as well. MBR on all drives scrambled, but luckily no files were encrypted. Formatted everything, ran DiskGenius and got 90% of everything back. Had to fork out R1500 for DG, but worth every cent. Unfortunately, some of my most important stuff was unrecoverable. Busy re-scanning the drives now. If that doesn't work, then so be it.

Reactions: Like 1 | Winner 2


----------



## Intuthu Kagesi (5/2/22)

zadiac said:


> I was actually busy doing backups at the time, so both my backup drives were connected to the PC. I couldn't unplug them fast enough, so both of them were infected as well. MBR on all drives scrambled, but luckily no files were encrypted. Formatted everything, ran DiskGenius and got 90% of everything back. Had to fork out R1500 for DG, but worth every cent. Unfortunately, some of my most important stuff was unrecoverable. Busy re-scanning the drives now. If that doesn't work, then so be it.



Ouch! 
You've certainly opened my eyes to a new challenge ... gonna have to give it a lot more thought, as clearly the methods of old are not as effective as I thought  ... Glad you got most of your important work back tho'

Reactions: Agree 1 | Winner 1


----------



## supermoto (5/2/22)

Would disconnecting from the internet while doing backups have helped? If you're offline then surely no chance of being hacked while your backup drives are connected.
I'm a carpenter and old so have very limited knowledge of pc systems so if this suggestion is total crap don't roast me

Reactions: Like 2 | Winner 1


----------



## zadiac (6/2/22)

supermoto said:


> Would disconnecting from the internet while doing backups have helped? If you're offline then surely no chance of being hacked while your backup drives are connected.
> I'm a carpenter and old so have very limited knowledge of pc systems so if this suggestion is total crap don't roast me


I was busy working on some music recordings and then I always connect my backup drives, so I can back up as I finish with work. Thing is, I don't know if this malware was on my pc already or came in from the internet. I haven't downloaded and installed anything in weeks before that, so I don't know how it happened.
Lucky, it seems I'm getting everything back. Emails and deleted files. The malware scrambled the MBR of every hard drive connected to my pc and this happened instantly. The drive then seems empty, but after running several recovery programs, I settled on DiskGenius as it picked up all my files on the drive and kept everything in the correct order with file names according to the original directory structure. Other recovery programs did not do this, they just picked up the files according to type and assigned a number to each file, which would have been useless to me. The price of DG is worth every cent. I bought Bitdefender now and the Bitdefender VPN. Also bought a new 4TB hard drive that will only be connected once I'm ready to back up and then disconnected again.
As said by @Intuthu Kagesi, I also do not trust cloud backup and prefer local.

Reactions: Like 1 | Winner 3
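
The post above describes malware that scrambled the MBR of every connected drive while leaving the files in place. As an added example (not part of the thread, and not code from any tool named in it), this Python sketch sanity-checks a 512-byte MBR sector and compares it with a digest saved earlier. It assumes a classic MBR disk rather than GPT, all sample sectors are constructed, and reading the real first sector from a device needs administrator rights and is not shown.

```python
import hashlib
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446      # four 16-byte partition entries start here
SIGNATURE_OFFSET = 510  # last two bytes must be 0x55 0xAA

def parse_partitions(sector):
    """Return the non-empty primary partition entries of an MBR sector."""
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            parts.append({"index": i, "status": entry[0], "type": entry[4],
                          "lba_start": lba_start, "sectors": sectors})
    return parts

def check_mbr(sector, baseline_digest=None):
    """Return a list of findings; an empty list means the sector looks sane."""
    if len(sector) != SECTOR_SIZE:
        return ["sector is not 512 bytes"]
    findings = []
    if sector[SIGNATURE_OFFSET:] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    parts = parse_partitions(sector)
    if not parts:
        findings.append("no partition entries")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']}: invalid status byte")
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"entry {p['index']}: zero start or length")
    if baseline_digest and hashlib.sha256(sector).hexdigest() != baseline_digest:
        findings.append("sector differs from saved baseline")
    return findings

def build_sample_mbr():
    """Constructed sample: one bootable NTFS (0x07) partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<B3sB3sII", sector, TABLE_OFFSET,
                     0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    sector[SIGNATURE_OFFSET:] = b"\x55\xaa"
    return bytes(sector)

SCRAMBLED = bytes((i * 37 + 11) % 256 for i in range(SECTOR_SIZE))  # constructed overwritten sector
if __name__ == "__main__":
    saved = hashlib.sha256(build_sample_mbr()).hexdigest()  # store off the PC
    print(check_mbr(build_sample_mbr(), saved), check_mbr(SCRAMBLED, saved))
```

A saved copy of the sector itself, kept on media that is not attached to the PC, is what allows the partition table to be put back; the digest only detects that it changed.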


----------

