Hard Drives That Have Had Virus or Malware Attacks

At R3 we have jobs sent to us ranging from mechanical failures and degraded drives to drives which have been formatted and/or reinstalled and overwritten. However, on occasion we are sent a drive that has suffered some form of attack, whether a virus infection or a malware attack. We have even had a server sent to us which was infected with a virus and had also suffered a malware attack (ransomware).

When handling a ransomware case, or any case where there is a potential for a virus to affect our machines or network, we follow a strict procedure so there is no way for the virus to infect our network infrastructure.

Ensuring that the data transfer machine we are going to use has been cloned beforehand, and that it is disconnected from the network in every way, is just one of the precautions we take.

Virus scan with Malwarebytes and ESET

After the drive has been recovered/cloned by the engineers, multiple virus scans are run on the image drive so that any threats present can be removed before we begin the data transfer procedure. If we skipped this stage and copied the data without scanning the drive, we would more than likely copy the virus over to the new drive and the customer would be no better off.

All this is done so that we know that any threat present will not affect our internal systems, and that the data we copy for the customer is 100% free of viruses and of any potential threat to the machines they use.

WannaCry Ransomware Attack - How To Recover Your Encrypted Files

During the recent publicity over the WannaCry ransomware attack I was in communication with a number of NHS clients who were asking how many enquiries we were getting.

The reality is that the WannaCry ransomware attack was relatively insignificant apart from the publicity it attracted and its interference with some services. This is not to downplay its impact, but to put it into perspective: this attack was smaller in ransom value and in ransoms paid, and bigger in publicity, possibly due to the state of the nation with regard to politics, manifestos, budgets and propaganda.

In terms of monetary value the ransoms were low. In terms of disruption to services, it was not the Windows XP systems that were compromised but the Windows 7 and Server 2003 systems.

WannaCry ransomware attack

As a news item I was shocked at the publicity and panic mongering, which seemed more politically motivated, though I could be wrong; my observation is based on similar outbreaks in 2016 which knocked out entire cities and local authorities but were not publicised to the same extent.

We help the recovery process with ransomware decryption by first imaging drives sector by sector so that there is a second chance of recovery if anything goes wrong.

Don't forget that encryption/decryption and malware/antivirus scanning can add extra risk of a storage device failing.

Get advice and assistance from Andy and the team at R3. R3 Data Recovery is a real lab that deals with real disasters each and every day. If you have any sort of problem with a hard drive or any data storage device, we are the people to contact. Call us today on 0800 999 3282 for immediate help and assistance.

R3 are ICO registered and have been vetted by Hiscox Insurance for Cyberbreach and data disaster recovery claims assistance.

R3 is one of the few real data recovery labs in the UK and recognised by National Trading Standards forensics and NHS Trust Infrastructure managers as their data recovery rescue supplier.

R3 Data Recovery Ltd has imaging capacity onsite or in lab.

The lab can process imaging of up to 300TB per 24 hours in emergency situations.

We can also image factory/production computer system drives during shutdown periods, to help extend the life of SCADA and bespoke computer operating systems that are not networked or backed up.

R3 processed more successful recoveries of flood-damaged (submerged in effluent/flood water) drives in 2016 than any other British-based data recovery lab.

R3 Data Recovery Ltd processes large-scale IBM, HP, Dell, EMC, QNAP, Synology, RAID/SAN, VMware, Hyper-V and Drobo BeyondRAID recoveries in Sheffield that our nearest competitors in the UK cannot undertake.

Dell RAID server recovery

This Killer USB Drive Will Fry Your Laptop

Did you know that the USB devices we carry every day can be turned into a bomb? You must be thinking "yeah, whatever."

No, it's true: a researcher has just shown how a USB stick can be converted into a killer USB that can kill your whole PC within seconds.

This is not the first time such a USB device has been demonstrated. In March, the same researcher showed that a USB device can damage vital components of a system when plugged in. This time around, however, the USB device he demonstrated was significantly more powerful and was named "Dark Purple".

The USB device was built with a DC/DC converter, capacitors and a FET. When it is plugged in, the DC/DC converter charges the capacitors to -220V in the new version (-110V in the old version). This voltage is then applied to the signal lines of the USB interface.

The process repeats itself until all the components of the PC are destroyed.

What's more troubling about version 2.0 is that the reaction rate is much higher than in the earlier version, which allows it to destroy the whole system within a few seconds.

During the demonstration, the researcher lost his new laptop. This is what he said after the demonstration:

"Do not worry about the laptop, the new motherboard is on the way – and the laptop will live again," he said. He specifically bought a new laptop (Lenovo ThinkPad X60) just for this experiment, according to the researcher's blog post.

This is not the first time a USB has been used as a weapon. USB drives have been used many times for compromising systems in air-gapped networks.

The Stuxnet worm is the best example in the recent past of a USB drive being used as a weapon. Stuxnet was designed to destroy centrifuges at a nuclear facility.

So our advice would be to be very careful when using anyone else's USB device (better still, do not use anyone else's USB device in your system), as one wrong step on your part can put all your data at risk.

If you need any type of USB or memory stick recovery, please don’t hesitate to contact us on 0800 999 3282 for a free no obligation quote!

52% of small businesses do nothing to stop cybercrime

So says a study looking at small businesses around the UK: even with awareness of cybercrime on the rise, a sizeable proportion of the UK's small businesses are doing nothing whatsoever to avoid falling victim to a data breach.

A new study from CSID, published on July 8th, showed that more than half (52 per cent) of the UK's small businesses "are not taking any preventative measures to protect themselves against cybercrime".

Furthermore, the company found that 85 per cent of small businesses have no plans to increase their spending on data security in the future, leaving their risk of data loss unmitigated.

To illustrate the severity of the threat, CSID set up an online presence for a fictitious business called Jomoco and had two fabricated employees accidentally leak sensitive data.

It took hackers just one hour to exploit this information and lock the employees out of their email and social media accounts, as well as deface the Jomoco website.

“Understanding and educating employees about the security threats associated with establishing and running a business should be the first step in mitigating (cyber) risk,” said Andy Thomas, managing director of the company’s European division, in response to the findings.

Complex data recovery requires expertise. Speak to the data recovery industry pioneers at Kroll Ontrack for free advice to investigate options to recover from any data loss type, system or cause.

We can support and advise you on any type of complex data recovery for your business, plus our advice is free. Please don't hesitate to contact us on 0800 999 3282 for a free no-obligation quote.

11-year-old girl sets up business selling secure passwords

Sixth-grader Mira Modi has started her own business making cryptographically secure passwords using a system called Diceware.

Weak passwords are still the plague of the cybersecurity industry, with the most popular passwords of 2014 including "123456", "password" and "qwerty", making it easy for hackers to break into accounts and steal data. Now an 11-year-old girl from New York is offering a solution.

Sixth-grader Mira Modi has started her own business making cryptographically secure passwords and selling them for $2 a pop. She generates the passwords using a system called Diceware to create strings of words that are easy to remember but difficult to crack.

The system involves rolling dice to generate random numbers, which are matched against a list of short words in the Diceware dictionary. Those words are then combined into a nonsensical string, such as: alger klm curry blond puck horse.

These six-word passphrases contain a lot of “entropy”, or randomness, which means that it would take a powerful computer a very long time to correctly guess them. They are also easier to memorise than strings of individual characters.
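The Diceware steps described above, as an added example that is not from the article or from Mira Modi's site: five dice rolls form a lookup key into a 7776-entry word list, and the entropy of the resulting passphrase is computed from the list size. The roll keys in the sample list are constructed for this example; only the words come from the article.

```python
import math
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # 7776 entries in the real Diceware list

# Constructed stand-in for the real Diceware list, which maps every roll
# 11111..66666 to a word. These roll keys are made up for this example;
# the words are the ones quoted in the article.
SAMPLE_WORDLIST = {
    "11111": "alger", "23456": "klm", "31245": "curry",
    "44216": "blond", "52133": "puck", "66666": "horse",
}


def roll_dice(n=DICE_PER_WORD):
    """n fair dice rolls (1..6) drawn from the OS CSPRNG, never random.random."""
    return [secrets.randbelow(6) + 1 for _ in range(n)]


def roll_key(rolls):
    """Join five rolls into the key the Diceware list is indexed by."""
    if len(rolls) != DICE_PER_WORD or any(not 1 <= r <= 6 for r in rolls):
        raise ValueError("a Diceware word needs exactly five rolls in 1..6")
    return "".join(str(r) for r in rolls)


def passphrase(n_words, wordlist, rolls=None):
    """Build an n-word passphrase. `rolls` may be supplied (e.g. read off
    physical dice); otherwise they are generated here. Each word is looked
    up independently, so every word contributes log2(len(list)) bits."""
    if rolls is None:
        rolls = [roll_dice() for _ in range(n_words)]
    if len(rolls) != n_words:
        raise ValueError("need one five-roll group per word")
    return " ".join(wordlist[roll_key(group)] for group in rolls)


def entropy_bits(n_words, list_size=LIST_SIZE):
    """Entropy of a passphrase drawn uniformly from list_size ** n_words choices."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    print(passphrase(6, SAMPLE_WORDLIST,
                     [[1, 1, 1, 1, 1], [2, 3, 4, 5, 6], [3, 1, 2, 4, 5],
                      [4, 4, 2, 1, 6], [5, 2, 1, 3, 3], [6, 6, 6, 6, 6]]))
    print(f"six words = {entropy_bits(6):.1f} bits of entropy")
```

Six words from the full 7776-word list give about 77.5 bits, which is why the article's "very long time to guess" claim holds; with the full list in place of SAMPLE_WORDLIST the same code generates real passphrases.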

Miss Modi is the daughter of ProPublica journalist Julia Angwin, author of Dragnet Nation. As part of her research for the book, Angwin employed her daughter to generate Diceware passphrases, and Modi had the idea to turn it into a small business, according to Ars Technica.

"I started this business because my mom was too lazy to roll dice so many times, so she paid me to roll dice and make passwords for her. Then I realized that other people wanted them, too," wrote Miss Modi on her website.

“I personally find that my Diceware passwords are surprisingly easy to remember. However, I only use a few Diceware passwords for important accounts. I use a password manager, 1Password, to create and store passwords for my less-important accounts.”

Diceware generated password, sent by US Postal Mail.

She added that once her customers receive their hand-written passphrases in the post, they should make some small changes such as capitalising letters or adding symbols such as exclamation marks, to ensure they are truly unique.

The risk of using weak passwords has come to light in recent months, after hackers gained access to the entire database of Ashley Madison, a dating website for people who want to have affairs, and posted the names of all 37m users on the internet.

The most common passwords for the site were “123456”, “12345”, “password” and “default”. Other notable passwords included “ashley”, “ashleymadison” and “696969”.

However, even strong passwords are no guarantee against data breach. TalkTalk customers are being urged to change their passwords, and any passwords that are the same as their TalkTalk password, following last week’s cyber attack.

IBM Sent Off USBs Infected with Malware

A new warning has been issued by IBM and the situation seems to be rather serious. According to the firm, there are a number of infected USB sticks out there carrying some very dangerous malware. The USB sticks in question were shipped with Storwize flash and hybrid storage systems. IBM suggests destroying the USB sticks immediately; otherwise your device can be infected with malware, leaving the system vulnerable.

Apparently the infected USB sticks contain a tool used for Storwize systems, and it is this tool that was infected with malicious code, as unveiled by IBM. The infected models include drives with part number 01AC585 that were shipped with Storwize V3500, V3700 and V5000 Generation 1 storage systems.

When it comes to dealing with the infected device, the vendor recommended that users should first update their antivirus and then try to use the USB drive. It is also recommended not to use the drive again and to destroy it, in order to stop the infection spreading via the USB sticks.

Security company Trend Micro's antivirus detected the malware as PE.WINDEX.A and claimed that it was served up by one of the North Korean websites. Other vendors have also been able to detect this malware, but they classified it as a Trojan that would attempt to download other malware if executed.

IBM also stated that the malware/Trojan was not executed during the Storwize initialisation.

However, for those who do not wish to do so, IBM strongly recommends deleting the malicious files and completely reinstalling the Storwize initialization package. After that, users should scan the code with their updated antivirus, and hopefully that should be enough to deal with the malware infecting the drive.

An alert concerning these infected USB drives was also issued by the Chinese PC giant Lenovo. IBM originally manufactured equipment with Storwize systems for this very company, so it is not strange that they would decide to include this warning as well.

This is another situation where an updated antivirus could be of huge help to users, and they are advised once again to update their software regularly, especially with malware being sent off in every direction lately.

Security Pros Pessimistic About Ransomware Data Recovery

In most cases, security experts believe they wouldn’t be able to recover from a ransomware attack without losing critical data.

Those are the results of a survey conducted by endpoint protection provider Tripwire, during the recently held RSA Conference 2016.

During the conference, 200 IT security professionals were asked if their company could recover from a ransomware attack without losing critical data. Unfortunately, just 38 per cent answered positively, saying they were ‘very confident’ in doing so.

“The decision to pay a ransom comes down to the confidence and financial cost of recreating or restoring data from a previous backup,” said Travis Smith, senior security researcher for Tripwire. “Since most ransomware samples we have seen have a time limit to pay, it’s important to have confidence that you can restore the majority of data on short notice. Organizations should focus on improving backup and restoration procedures to reduce the cost of restoring data and services after a potential breach.”

According to 73 per cent of polled security experts, critical infrastructure providers are more vulnerable to these types of attacks than the rest of us, while 52 per cent said they don’t think their executives could spot a phishing attempt.

Spear phishing in the past 12 months has risen, according to 58 per cent of polled experts.

Ransomware has become extremely popular lately, becoming the top threat for mobile devices, according to a recent Blue Coat Systems Malware Report.

Not even Apple’s systems are safe any more, and security experts are urging everyone to be careful when opening attachments and keep backup copies of business critical data.

Audio Hard Drive Hack?

Do you think your data is safe because your computer isn’t connected to the internet or a network? Wrong. As security researchers recently demonstrated, the sounds of your computer’s hard drive can be used to transmit data from an air-gapped and seemingly well-protected machine.

The DiskFiltration hack, demonstrated in this video by security researcher Mordechai Guri of Israel’s Ben-Gurion University, works by controlling the actuator in a hard drive which moves back and forth across the drive’s platters to read and write data. Think of it as the arm on a record player, but constantly moving back and forth at tremendous speeds.

As the actuator jumps around, it produces subtle sounds. You know that cacophony of sounds when you first boot up a desktop computer? Part of that noise is coming from the machine’s hard drive, and with the correct malware installed, those sounds can actually leak sensitive data to a nearby air-gapped device, like a smartphone, that knows what to listen for.

DiskFiltration has a working range of about six feet, but it is limited to a slow data rate of about 180 bits per minute. That is enough to capture a complex encryption key, such as a 4,096-bit RSA key, in about 25 minutes. For larger files the method is mostly impractical, and it requires an insider to actually get the malware onto the protected machine. It also does not work with SSDs, which have no moving parts. But still, it's a crazy hack.