#WannyCry: Use recovery tools to gain encrypted files?

[German]Users losing files due to WannaCry encryption may get their files back using a data recovery tool. That's the message I received from a data recovery tool vendor.


Advertising

The best strategy to protect data against ransomware is a clever backup strategy – data need to be saved to a backup media, that is held offline – and you need a rolling backup keeps several versions of your backup data – in case, you backup encrypted data accidentally.

Some Theory

Sometimes users are losing data due to a file system corruption, accidentally deleted files or crashing hard disks. In such cases data recovery tools may comes handy. These tools are able to recover sometimes files from data cluttered over the disk's surface.

Ransomware depends on the operating systems file system. If the file will be rewritten during encryption, the old unencrypted files are probably left deleted on the hard disk. So it may be probable, that a recovery tool can retrieve such files.

Prepare the disk

In case your system has been infected with WannaCrypt, disconnect the disk from the system (to avoid an overwriting of deleted data cluster on this disk – I assume, that the approach reported here WannaCry: Decrypting with WanaKiwi also for Windows 7 wasn't successful). Then clone your hard drive to another drive, to work with an exact copy of your encrypted disk.

Try EaseUS Data Recovery Wizard Pro

I have to be careful here: I haven't a test system infected with WannaCrypt, so I can't test. But folks from EaseUS has send me the following information.


Advertising

User feedback and some tests has shown, that our EaseUS Data Recovery Wizard Pro could restore 80% of WannaCry encrypted data files.

Ok, it's clear, it's a marketing appoach, because the tool isn't free of charge. But they offer a test version, that may be used to test the cloned hard disk for data recovery. If recoverable files are found, it will be worth to buy EaseUS Data Recovery Wizard Pro. EaseUS has published a blog post about this approach. The folks a disk tuna has released this article with contradicting information. In case you have experience with this scenario, feel free to drop a commend.


Advertising

This entry was posted in Security, Windows and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).