
Ransomware Defeated

Edward Kivell
Computer consultant from 1989 to present. web site -  www.resourcewiz.com
Ransomware - Defeated! A client opened the wrong email and was attacked by ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.

The owner of a plumbing and heating company opened what he thought was a safe email about a FedEx tracking number. The email turned out to be a ransomware scam. Thus, within a nanosecond, all of the data files were encrypted. The attached external backup drive was also encrypted.
The thieves left a message that the owner had to pay a ransom in bitcoin to get access to an encryption key. So, after I calmed the owner down, I did the following:

A) Removed the ransomware virus using the program, Malwarebytes.
B) Recovered hidden copies of the encrypted files using ShadowExplorer.

The free version of Malwarebytes successfully removed the ransomware infection after scanning the hard drive. The recovery program, ShadowExplorer, allows you to browse Windows Shadow Volume Copies created by the Windows Vista, Windows 7, Windows 8, and Windows 10 Volume Shadow Copy Service. When these Shadow Volume Copies are created, they also create copies of changed data files on your computer. ShadowExplorer allows you to use the Shadow Volume Copies to restore files back to previous versions or even to restore a deleted file. The features of ShadowExplorer include:


1.    Reveal currently available copies of files.

2.    The user can browse through the available Shadow copies.

3.    Allows the user to recover files and folders.


Make sure that Volume Shadow Copy is enabled under Services. Here is a YouTube video, https://www.youtube.com/watch?v=VlcKJ-2mEg0, created by MalwareLess, that visually explains the use and the various recovery screens of ShadowExplorer.
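To confirm from the command line that the Volume Shadow Copy service is usable and that recovery points actually exist before opening ShadowExplorer, the following PowerShell inventory can be run from an elevated prompt. It is an added example, not part of the original article or of ShadowExplorer; the function name `Get-ShadowCopyInventory` and the `$MaxAgeDays` threshold are assumptions chosen for illustration.

```powershell
# Added example: inventory Volume Shadow Copy recovery points on this machine.
# Run in an elevated PowerShell session. The function name and the
# $MaxAgeDays threshold are illustrative assumptions, not from the article.
function Get-ShadowCopyInventory {
    param([int]$MaxAgeDays = 7)

    # The service named 'VSS' is "Volume Shadow Copy" in the Services console.
    # 'Manual' is its normal start mode; 'Disabled' prevents new shadow copies.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='VSS'"
    if ($svc.StartMode -eq 'Disabled') {
        Write-Warning 'Volume Shadow Copy service (VSS) is disabled.'
    }

    # Map volume GUID paths (\\?\Volume{...}\) to drive letters for readability.
    $volumes = @{}
    Get-CimInstance -ClassName Win32_Volume | ForEach-Object {
        $volumes[$_.DeviceID] = $_.DriveLetter
    }

    $copies = @(Get-CimInstance -ClassName Win32_ShadowCopy)
    if ($copies.Count -eq 0) {
        Write-Warning 'No shadow copies found; there is nothing to browse or restore.'
        return
    }

    # Newest first; flag volumes whose recovery points are older than the threshold.
    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)
    $copies | Sort-Object InstallDate -Descending | ForEach-Object {
        [pscustomobject]@{
            Drive        = $volumes[$_.VolumeName]
            Created      = $_.InstallDate
            Stale        = ($_.InstallDate -lt $cutoff)
            ShadowId     = $_.ID
            DeviceObject = $_.DeviceObject
        }
    }
}

Get-ShadowCopyInventory | Format-Table -AutoSize
```

Each row is one snapshot that ShadowExplorer can browse; the `Created` column shows how far back the restored files will date.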



So, the files were restored and the owner didn't have to pay a ransom.

For those who wish to avoid the trap of ransomware, there are anti-ransomware utilities such as RansomFree by Cybereason, Anti-Ransomware Tools by Trend Micro, and Kaspersky Anti-Ransomware Tool, to name a few.
