Encrypted info on hard drive


Planemike
14th Jun 2015, 15:49
Received some helpful information from forumites on playing vids/line speed so I thought I would put out another appeal for help, don't know if it will produce any solutions. Worth an ask, I guess.


At the end of April my PC was hacked and all my data encrypted. A demand for payment followed. My PC shop probably did not make the right moves. Have since been in touch with a data recovery specialist but he has been unable to release my information.


I wonder if any others have suffered this really bad experience and had any luck recovering their data.

mixture
14th Jun 2015, 20:29
Planemike,

Yes, this is a well-known style of virus/hack/trojan that goes by various names: CryptoLocker, CryptoWall, etc.

No, there's bugger all anyone can do about it. You're stuffed. Your PC shop should have really been honest with you and told you that before taking your money to look at the problem.

I would NOT advise paying any ransoms, it's putting money into the hands of criminals, and there's no guarantee of you getting access to your data anyway, quite frankly, being criminals, they're more likely just to run.

Three lessons for the future :

(1) This is yet another lesson about the importance of BACKUPS !!!! You, regrettably, appear to have learnt it the hard way.
(2) Be careful what you click on
(3) Run anti-virus software

In particular, in relation to number one... I've unfortunately got very little sympathy for people who can't be bothered to instigate a backup routine. It's not rocket science, it's not expensive, it can be heavily automated, people just need to DO IT!

There could be any number of reasons why your computer might crash and burn .... YOU MUST BACKUP any data of any value !!!

PPRuNe Dispatcher
14th Jun 2015, 21:20
Sometimes the data can be recovered.
https://www.decryptcryptolocker.com/

PPD

innuendo
14th Jun 2015, 22:17
Hello Mixture,
Could you answer a question?
A friend had this happen and while I do have everything backed up I thought I would in addition, make a bootable clone of the OS and some of the data, (I am using OS X and Carbon Copy Cloner).
My question is, if I were to leave the clone drive connected full time is it vulnerable to the bad guys who hack your machine and hold you to ransom?

I am thinking it may be if it shows up as just another drive on my system.

IOW, should I eject, or physically disconnect, the drive after each incremental back up to put it beyond reach of the hackers ?

I keep a Time Machine B/U of my system and an additional B/U of my photography.
Thanks.

Capn Bloggs
15th Jun 2015, 00:25
There could be any number of reasons why your computer might crash and burn .... YOU MUST BACKUP any data of any value !!!
Even more important, at least one of your backups must be off-system, ie not continuously connected to the computer. My understanding is that Cryptolocker will lock all drives you have in/on your computer.

I don't know if one could set up a protected network drive/backup...

ExXB
15th Jun 2015, 07:02
One could backup to the cloud, but would that be a 'connected' drive?

mixture
15th Jun 2015, 07:38
Even more important, at least one of your backups must be off-system, ie not continuously connected to the computer.

Absolutely.

I always say, minimum three copies of anything of value.

That's three copies excluding the "live" copy, and things like backups onto RAID arrays only count as one copy.

And yes, as Capn Bloggs says. One copy should really be in "offline" format, be it CD/DVD/Bluray, a drive that's disconnected when not in use, or backups to cloud services.

One could backup to the cloud, but would that be a 'connected' drive?

Probably not.

What I consider a connected drive (and I guess Capn Bloggs too), is a traditionally mounted device, i.e. one that appears as an additional volume on your computer (e.g. a drive letter on Windows).

In order to affect your cloud backups via a virus or suchlike, the attackers would first need to determine what cloud backup mechanism you are using and then either interface with that software or collect your credentials from that software. Not saying it could never happen, but....

For most people, the benefits the additional backup to cloud brings (i.e. offsite, managed storage platform etc) will probably outweigh any potential downside.

Some cloud services may offer versioning services, that might be worth looking out for.

My question is, if I were to leave the clone drive connected full time is it vulnerable to the bad guys who hack your machine and hold you to ransom?
I am thinking it may be if it shows up as just another drive on my system.

Your thinking is correct.

Enumerating mounted volumes is a straightforward task on any operating system, and then once enumerated you can use standard operating system commands to interact with the volumes.

So you've got two choices, either :

(a) As you say, physically disconnect your drive each time (ejecting only unmounts the drive, you can still enumerate unmounted drives and re-mount them).

(b) Get a few more drives and look into a rotation scheme (e.g. GFS - Grandfather Father Son - or Tower of Hanoi). Using a rotation scheme means you have a historical timeline over a given period of time, and therefore it does not matter whether you leave a drive connected and mounted, because you can always drop back to another point on the rotation timeline.
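mixture's rotation-scheme point, worked through as an added example (Python written for this page, not code from anyone in the thread): it implements both rotations he names, Tower of Hanoi and Grandfather-Father-Son, then simulates a month of nightly backups in which the files are encrypted on the 28th and the machine keeps backing up for two more days before anyone notices. Drive counts, slot names and the April 2015 dates are constructed for the illustration, and the simulation assumes only the drive being written that night is plugged in, so a drive written on or after the infection day is treated as lost.

```python
# Added example: backup rotation schemes versus an always-connected drive.
# Illustrative code for this thread, not anything the posters ran; drive
# counts, slot names and the April 2015 dates are constructed.
from datetime import date, timedelta


def hanoi_slot(run_number: int, drives: int) -> int:
    """Tower of Hanoi rotation.

    Run n (1-based) is written to the drive indexed by the number of trailing
    zero bits in n, capped at the last drive: 0,1,0,2,0,1,0,3,...  Drive 0 is
    overwritten every second run, drive 1 every fourth, drive 2 every eighth,
    so the highest-numbered drive always holds the oldest copy.
    """
    if run_number < 1 or drives < 1:
        raise ValueError("run_number and drives must be >= 1")
    slot, n = 0, run_number
    while n % 2 == 0:
        n //= 2
        slot += 1
    return min(slot, drives - 1)


def gfs_slot(d: date, daily: int = 6, weekly: int = 4, monthly: int = 12) -> str:
    """Grandfather-Father-Son rotation.

    The last backup of the month goes to a monthly ('grandfather') drive,
    a Sunday backup to a weekly ('father') drive, and any other day to a
    daily ('son') drive. Slot numbers wrap, so older copies get overwritten.
    """
    if (d + timedelta(days=1)).month != d.month:
        return f"grandfather-{(d.month - 1) % monthly}"
    if d.weekday() == 6:  # Sunday
        return f"father-{((d.day - 1) // 7) % weekly}"
    return f"son-{d.weekday() % daily}"


def simulate(scheme, start: date, days: int) -> dict:
    """One backup per day; each run overwrites the slot the scheme picks.

    Returns slot -> date of the copy currently on that drive. Assumption:
    only the drive being written is connected that night; the rest sit
    unplugged, which is the whole point of rotating.
    """
    slots = {}
    for i in range(days):
        d = start + timedelta(days=i)
        slots[scheme(d, i + 1)] = d
    return slots


def assess(slots: dict, infected_on: date) -> dict:
    """Which copies survive an infection on `infected_on`?

    Any drive written on or after that day was plugged into a compromised
    machine, so it is treated as lost. Survivors are the copies whose last
    write predates the infection; the newest of them is the recovery point.
    """
    survivors = {s: d for s, d in slots.items() if d < infected_on}
    lost = sorted(s for s in slots if s not in survivors)
    best = max(survivors.values()) if survivors else None
    return {
        "survivors": {s: d.isoformat() for s, d in sorted(survivors.items())},
        "lost_slots": lost,
        "recovery_point": best.isoformat() if best else None,
    }


def example() -> dict:
    """Constructed scenario: nightly backups through April 2015, files
    encrypted on the 28th, noticed on the 30th (backups ran meanwhile)."""
    start, days, infected = date(2015, 4, 1), 30, date(2015, 4, 28)
    schemes = {
        "single_drive": lambda d, n: "drive-0",
        "hanoi_4_drives": lambda d, n: f"hanoi-{hanoi_slot(n, 4)}",
        "gfs": lambda d, n: gfs_slot(d),
    }
    return {name: assess(simulate(f, start, days), infected)
            for name, f in schemes.items()}


if __name__ == "__main__":
    for name, result in example().items():
        print(f"{name}: recovery point {result['recovery_point']}, "
              f"lost {result['lost_slots']}")
```

Running it shows the contrast mixture is describing: the single always-connected drive has no recovery point at all, since its only copy was written after the encryption; four drives on a Hanoi rotation keep the drive last written on the 24th; the GFS set keeps the previous Monday's daily drive plus every weekly drive, so the recovery point is the 27th. The same logic applies to a cloud service with versioning, where the old versions play the part of the unplugged drives.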

Background Noise
15th Jun 2015, 08:53
And, depending on what the perceived threat is, keep the backup(s) in separate locations. If it is really that valuable and the house is burgled, or burns down, you don't want to lose all of the copies.

Planemike
15th Jun 2015, 10:02
Mixture................


Many thanks for your advice. "Horses and stable doors" come to mind!! Your info coincides with that given by the data recovery specialist I am in contact with. My problem is, I am not "techie" and really do not understand computing and IT.


To me, a computer is a tool for me to use. I view it in the same way as a motor car, I drive it: I don't need to know the hardness of the rubber used to manufacture the tyres!!


Been an unpleasant experience but I will just have to live with it unless my data recovery man gets lucky. Not holding my breath!!!


Oh, regarding paying to release data, I wouldn't anyway but also could not follow their instructions even if I was inclined to. Just another thought, perhaps I should send my info to Chinese or Russian Intelligence, they have apparently decrypted some of the stuff Mr Snowden "liberated" from the US!!


Thks again...!!

ExXB
15th Jun 2015, 13:05
Mixture, many thanks for your advice!

dazdaz1
15th Jun 2015, 13:34
The bas****s should have a minimum sentence of ten years if caught.