Kingsley Tech SF
New Member
Hello,
I have a client that was a victim of the Deadbolt ransomeware. It was on an Asustor NAS. The configuration was 4 disks RAID 10 (2 in RAID 0 then mirrored to another 2 in RAID 0). I hope that's right. I was able to use recovery software with only one disk and got a ton of information. Obviously since there was a RAID 0 some of the files are not complete. All I used was EaseUS recovery software and I was able to get non encrypted files back. Not sure how but I'm guessing when the files changed or were replaced the file system put them on another part of the HD to delete and I was able to search that "Deleted" part and get the non-encrypted files?
My question:
Would it be possible to mount the RAID 0 drives and use recovery software like PhotoRec to get at hidden files? I have done a search on mdadm and I do have an Ubuntu machine
I have a client that was a victim of the Deadbolt ransomeware. It was on an Asustor NAS. The configuration was 4 disks RAID 10 (2 in RAID 0 then mirrored to another 2 in RAID 0). I hope that's right. I was able to use recovery software with only one disk and got a ton of information. Obviously since there was a RAID 0 some of the files are not complete. All I used was EaseUS recovery software and I was able to get non encrypted files back. Not sure how but I'm guessing when the files changed or were replaced the file system put them on another part of the HD to delete and I was able to search that "Deleted" part and get the non-encrypted files?
My question:
Would it be possible to mount the RAID 0 drives and use recovery software like PhotoRec to get at hidden files? I have done a search on mdadm and I do have an Ubuntu machine