Odin ransomware question

adampd

Distinguished
Jul 12, 2009
10
0
18,560
0
My friend's business has suffered this ransomware. The original email came through on a client PC, which was opened, then by the sounds of it, they had a network share set up which stored their documents, which all got encrypted to the .odin format. But, if the virus wasn't actually opened on the server itself, would that mean the shadow copies of the files on the server are still intact? Or does the virus delete the shadow copies remotely from the original infected client PC?
Trying to find the best way to try and recover the deleted files.
 

adampd


Yea I figured as much, but would a recovery program like Recuva be able to restore the original files?
As I understand the ransomware, it copies the old files, encrypts them, then deletes the old ones?
 

USAFRet

Splendid
Moderator


No. Recuva will NOT resurrect the original files.
If it were that easy, the ransomware dudes would not be doing it.
 

adampd


Ahh I did wonder.
But if the virus wasn't activated on the server itself, would it have been able to delete the shadow copies from a client PC on the network?
 

USAFRet


All speculation. These things can mess with whatever is connected.
The only thing that matters is if you can retrieve your critical files from wherever.
Either the shadow copies, or the daily backups you've made.

Trying to unOdin those files, or discover what it might have done, is a useless exercise.
Wipe the systems, ALL the connected systems, and recover the files from your backups.
 

adampd

Thanks USAF
Yea I am just hoping for the best at this point, they only had ONE backup made and it's 2 months old and it wasn't complete.
They've learnt a very hard lesson.
 

adampd

Yea ShadowExplorer was of no use, because the shadow copy system wasn't enabled (or the virus disabled it).
But, using Recuva, I was able to restore the lost data, hopefully all of it is intact.
Tested the most important bits and they work ok.
 

USAFRet


Recuva worked? Interesting.
 