Case description:

Ever Higher Data Recovery Centre received a server that attacked by ransomware. This client was not in the company during the Circuit Breaker period and they failed to access into their server. Their IT department went back to their company and find out that the server generates abnormal noise. After liaising with them, they send their server and backup drive to our recovery centre for assessment. After identifying the structure of ransomware, vary attempt was done and we successfully salvage the data!

Recovery attempts by the customer

Originally client thought that it was something related to password error. Many attempts were done to reset the password and all attempts failed. Subsequently, the client noticed that all files is ended with “.ROGER”, and they shut down the server directly.

Action( Solution)  taken :

Data Recovery Specialist team:

Our data recovery specialist took 1 to 2 business days to analyse the ransomware. By understanding how the data encrypted, will have better chances in salvage all related data. Data was cloned for this assessment. Both server and backup drive required for this assessment. This server used for accounting system and all databases was encrypted that cause user access denied.

The Outcome

Ever Higher Data Recovery Specialist team successfully recover most of the encrypted data, especially the main database that needed by client. After client check through the data, they are satisfied with the outcome.

The Lesson

There are many ways for ransomware to take access into a server or computer. The most common way of access your data is through an email, that provide some unknown link, masquerading as your trusted source or customer. If you click on it, they will get a permission to access your computer. So, never click on unknown link or an email attachment. Download only If you know the source of the link and attachment.