This is a great time to reinforce the need to do backups. Since it's a
sensitive thing - you need to judge how to deliver the news but it's
critical. Now more than ever before.
Couple of things. I'd save the data - LATER you might be able to get the
drive unlocked. Don't allow them to waste the money on the unlock. The
way I understand it, it's infrequent that they actually unlock it. In
fact, by now the point at which they could be contacted might have been
already shut down or compromised (more likely) by other 'hackers'. Just
do not give in to paying. Better to wait. JMHO.
I got lucky with a client that got hit with this; about a year earlier I
really was adamant that they get into some sort of automated backup.
They took an online (sorry, CLOUD) backup that I was able to resell. It
paid for itself FOUR times over (so far)! Anyway, sorry for you & client.

On 7/18/2018 3:00 PM, Thane K. Sherrington wrote:
I know someone with no backups who recently had his entire computer
encrypted with the .arrow variant of Dharma (.cezar Family). (BTW, this
isn't me.)
There is apparently no way to decrypt without paying the ransom or
recovering deleted files.
So two questions:
1) Does anyone know if the ransomware encryption encrypts the file to a
new file, then deletes the old one (giving me the possibility of deleted
file recovery)? If so, what software is recommended for a Windows NTFS
system? (So far, Recuva and R-Studio have found squat.)
2) If he decides to pay the ransom and take his chances, what are legit
sites to purchase bitcoin (never done that before)?
T