Ransomware Recovery-HP Server
We received a server from a user, who mentioned that none of the files could be read. This server had been sent to other third parties for recovery, but they failed.
Root Cause Failure:
From our assessment, we found that all data had been attacked by ransomware named “Mr. Dec”. Ransomware is a type of malware that encrypts or blocks a victim's data. Ransomware is built with different structures; some simple ransomware structures can be reversed by a knowledgeable person. But data blocked by advanced malware is very difficult to reverse.
Action Taken:
First of all, the server was collected. All HDDs were recorded accordingly to prevent any HDD from being misplaced during recovery.
Next, all data was cloned before the recovery process started, to prevent data loss.
Most importantly, the data recovery specialist started to identify and understand the structure and logic of this ransomware. After a certain period, we successfully identified that this type of ransomware encrypts user data using the Advanced Encryption Standard (AES). Attacks with this type of ransomware are most often made over insecure remote desktop (RDP). There is a minimal chance of it spreading through email spam or malicious attachments, fraudulent downloads, exploits, web injects, fake updates, or repackaged and infected installers.
Result:
Ever Higher Data Recovery's specialist managed to retrieve almost 90% of the data by analyzing the entire ransomware pattern and trojan type, without a decryption method.