Ransomware Defeated

Edward Kivell
Computer consultant from 1989 to present. web site -  www.resourcewiz.com
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.

The owner of a plumbing and heating company opened what he thought was a safe email about a FedEx tracking number. The email turned out to be a ransomware scam. Thus, within a nanosecond, all of the data files were encrypted. The attached external backup drive was also encrypted.
The thieves left a message saying that the owner had to pay a ransom in bitcoin to get access to an encryption key. So, after I calmed the owner down, I did the following:

A) Removed the ransomware virus using the program, Malwarebytes.
B) Recovered hidden copies of the encrypted files using ShadowExplorer.

The free version of Malwarebytes successfully removed the ransomware infection after scanning the hard drive. The recovery program, ShadowExplorer, allows you to browse Windows Shadow Volume Copies created by the Windows Vista, Windows 7, Windows 8, and Windows 10 Volume Shadow Copy Service. When these Shadow Volume Copies are created, they also create copies of changed data files on your computer. ShadowExplorer allows you to use the Shadow Volume Copies to restore files back to previous versions or even to restore a deleted file. The features of ShadowExplorer include:

1.    Reveal currently available copies of files.

2.    The user can browse through the available Shadow copies.

3.    Allows the user to recover files and folders.

Make sure that Volume Shadow Copy is enabled under Services. Here is a YouTube video, https://www.youtube.com/watch?v=VlcKJ-2mEg0, created by MalwareLess, that visually explains the use and the various recovery screens of ShadowExplorer.
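The recovery above only works if shadow copies already exist, so it is worth checking before an incident. The following PowerShell audit is an added example, not part of the original article or of ShadowExplorer; the 7-day staleness threshold and the variable names are assumptions.

```powershell
# Added example: audit whether there are shadow copies to restore from.
# Run from an elevated prompt; reading Win32_ShadowCopy needs administrator rights.
# $MaxAgeDays is an assumed threshold, not a value from the article.
param([int]$MaxAgeDays = 7)

# The VSS service normally runs as "Manual" and starts on demand.
# "Disabled" means no new snapshots can be created.
$vss = Get-CimInstance -ClassName Win32_Service -Filter "Name = 'VSS'"
if ($vss.StartMode -eq 'Disabled') {
    Write-Warning 'Volume Shadow Copy service is disabled; no new snapshots can be created.'
}

# All existing shadow copies on this machine
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
$cutoff  = (Get-Date).AddDays(-$MaxAgeDays)

# Fixed local volumes (DriveType 3) that have a drive letter
$report = Get-CimInstance -ClassName Win32_Volume -Filter 'DriveType = 3' |
    Where-Object { $_.DriveLetter } |
    ForEach-Object {
        $vol = $_
        # Win32_ShadowCopy.VolumeName holds the same \\?\Volume{GUID}\ path
        # as Win32_Volume.DeviceID, so the two can be joined on it.
        $mine = @($shadows |
            Where-Object { $_.VolumeName -eq $vol.DeviceID } |
            Sort-Object -Property InstallDate)

        $newest = $null
        $status = 'NO SNAPSHOTS'
        if ($mine.Count -gt 0) {
            $newest = $mine[-1].InstallDate
            if ($newest -lt $cutoff) { $status = 'STALE' } else { $status = 'OK' }
        }

        [pscustomobject]@{
            Drive     = $vol.DriveLetter
            Snapshots = $mine.Count
            Newest    = $newest
            Status    = $status
        }
    }

$report | Format-Table -AutoSize
```

A drive reported as `NO SNAPSHOTS` or `STALE` has nothing recent for ShadowExplorer to browse, so it needs System Protection turned on or a separate backup.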

So, the files were restored and the owner didn't have to pay a ransom.

For those who wish to avoid the trap of ransomware, there are anti-ransomware utilities such as RansomFree by Cybereason, Anti-Ransomware Tools by Trend Micro, and Kaspersky Anti-Ransomware Tool, to name a few.

