May 11th, 2022, 9:25
May 11th, 2022, 10:28
May 11th, 2022, 11:58
June 3rd, 2022, 4:52
June 4th, 2022, 9:58
suricate.ch wrote:Just a note, I had an IT company coming with eking ransomware from one of their customer on a server with 3 x 450 GB Seagate SAS drive. I image the drive and recreate the RAID in DE. Not all files visible on FS were encrypted. I also did a RAW recovery and got some data. (they paid the ransom but never received the key).
At the end, I can't say customer was happy as important files were still encrypted but they were surprise to get something. They asked me and paid to get an image of the RAID. They could then rebuild server and still have all data.
When I get Ransomware customer, I always try everything possible and most of the time customer are happy. I can't decrypt files but I am giving them some data.
Powered by phpBB © phpBB Group.