I was just cleaning my tech compartment when I found an old HDD.
This HDD was infected with some ransomware sometime in 2020 and the OS on it was Windows 10.
Is there any possibility of recovering those files from Linux? I have a converter which can convert a normal SATA HDD into a USB drive.
So is there any method to recover them?
If yes, is the method safe?
I am no expert and these are just my thoughts on your posting.
1 - I would first back up the Linux system I was going to use to access the HDD with ransomware.
2 - I would attach the HDD to the Linux system using a SATA to USB cable.
3 - I would not worry too much about the ransomware because Windows .exe files cannot be executed in Linux (without Wine).
4 - Recover the files.
5 - Format the HDD using Linux with the ext4 format.
Also, what about the ransomware decrypters available on the net or even on popular websites like NoMoreRansom? How can I decrypt the photos with those? The only important thing on the drive is the photos. Do you know any tools which would help?
I am with Howard.
Plug the drive into a Linux box and see what you can or cannot open as a first step; if it's a Windows issue, usually Linux just ignores that part.
I am more than sceptical about those. Won't those contain just another malware?
I’d only run such a tool in a VM on a sample of the encrypted dataset.
If it really works… decrypt the whole dataset, but would not let it run outside of the VM.
I’m kind of paranoid with something that promises way too much.
I had no idea. I had a quick (random) look at it, and I saw guides mentioning Avast, as well as Kaspersky… maybe you're right, and those are harmless.
I think these decrypters are for Windows (again, did not check).
I'd install a Windows instance into a VM (VirtualBox maybe), copy the disk (just a file on the host machine) to a safe place and install / run the decrypter in that VM.
After shutting down the VM you can just copy the "disk" back, overwriting it in its original place (restoring the snapshot), and go on with the next decrypter.
If the decrypter has some “side effect” - after all who cares? It can harm just a disposable virtual machine.
Edit:
I read this article some time ago, and as I use Seafile, and store all my precious data in it, I felt, and still feel safe of such ransomware attacks.
Not to mention, my daily-driver system is Debian; historically, the last time I booted Windows on bare metal was in April of 2019.
Okay, so I connected the HDD using the SATA to USB connector to my Linux PC.
I checked the files and all of them are encrypted with some '.usam' extension.
According to the searches I did on Google, it's a type of STOP/Djvu ransomware (please correct me if I'm wrong).
Moreover, I remembered that when the laptop was originally infected, removing the .usam extension made the files readable… but the virus soon infected them again.
I tried the same on this Linux machine; I can rename the files, but they are not readable.
I saw a YouTube video in which the video maker is instructing to just rename the files and then use the PhotoRec tool for making them readable. The man is showing it on a Windows machine and he is using the QPhotoRec GUI on Windows… although the PhotoRec GUI is not available on Linux.
Moreover, I tried using the CLI PhotoRec on Linux, but it's telling me to select an entire partition…
Currently, I have just copied a few files from the drive to my Linux machine, so that I can first try the different methods and then attempt them on the main drive.
So please help in recovering the copied files first… and then I'll do it on the main drive.
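Before trying decrypters or PhotoRec, it helps to know whether the '.usam' files are encrypted end to end or only at the start, which is what the renaming experiment above was probing. The following triage script is an added example, not from anyone in this thread; it assumes the disk is mounted read-only (for instance under a hypothetical `/mnt/oldhdd`) and measures per-chunk byte entropy to tell the two cases apart. The sample data it builds is constructed, not a real ransomware artefact.

```python
"""Entropy triage of files from a read-only mount of the infected disk.
Ciphertext looks uniformly random (near 8 bits/byte); measuring per chunk tells
whether a file is encrypted end to end or only at its start."""
import math
import random
from collections import Counter
from pathlib import Path

SUSPECT_EXT = ".usam"   # extension reported in the thread
CHUNK = 4096
HIGH_ENTROPY = 7.5      # bits/byte; ciphertext and compressed data sit near 8


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant or empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes) -> str:
    """Label a file by which of its 4 KiB chunks look like ciphertext."""
    if not data:
        return "empty"
    high = [shannon_entropy(data[i:i + CHUNK]) >= HIGH_ENTROPY
            for i in range(0, len(data), CHUNK)]
    if all(high):
        return "fully-encrypted"       # renaming cannot help; needs a key
    if not any(high):
        return "plaintext-like"        # extension renamed, content untouched
    if high[0]:
        return "header-encrypted"      # random start, original tail remains
    return "partially-encrypted"


def triage(root: Path) -> dict[str, str]:
    """Classify every *.usam file under root, reading only, never writing."""
    return {str(p): classify(p.read_bytes())
            for p in root.rglob("*" + SUSPECT_EXT) if p.is_file()}


def constructed_sample() -> bytes:
    """Constructed test data, not a real sample: 8 KiB of seeded pseudo-random
    bytes standing in for an encrypted header, then a low-entropy text tail."""
    rng = random.Random(20200101)
    header = bytes(rng.getrandbits(8) for _ in range(2 * CHUNK))
    tail = b"Exif metadata and scanlines of the original photo.\n" * 200
    return header + tail
```

Compressed formats such as JPEG score high on their own, so a "fully-encrypted" verdict on a photo is a hint to compare against a known-good copy, not proof. Run `triage(Path("/mnt/oldhdd"))` only against a read-only mount so the copy you are examining cannot be altered.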