Fight against ransomware with data recovery technologies

Fast Company, 17-06-2025
Ransomware attacks are becoming more and more frequent. In many cases the hacker uses ransomware to encrypt your important data and then demands money in exchange for decrypting it. But there is no guarantee that the hacker will actually decrypt the data after receiving your money.
Instead, we can use advanced data recovery technologies to fight back against ransomware attacks.
WHY DATA RECOVERY WORKS
There are several reasons why data recovery works:
1. Original Data May Still Exist
When ransomware encrypts an important file and deletes the original, the contents of the original file may still exist on the hard drive. In such a case, we can use a raw-level data recovery tool to scan the whole drive and recover this unencrypted data. This is called file carving. Some tools can even target a specific file type and size, which improves accuracy and reduces scanning time.
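As an added example (not from the article), here is a minimal signature-based carver in Python that scans a raw image for PNG files by their header magic and IEND trailer, skipping a truncated candidate whose body was overwritten; the disk image, the PNG builder and the 1 MiB size limit are constructed for the demonstration.

```python
"""Added example (not from the article): a minimal signature-based carver that
scans a raw image for PNG files by header magic and IEND trailer."""
import struct
import zlib

PNG_HEADER = b"\x89PNG\r\n\x1a\n"
PNG_TRAILER = b"IEND\xaeB`\x82"


def carve_png(image: bytes, max_size: int = 1 << 20) -> list[tuple[int, bytes]]:
    """Return (offset, data) for every PNG whose header and trailer are both present."""
    found, pos = [], 0
    while (start := image.find(PNG_HEADER, pos)) != -1:
        # Bound the window so a header with no trailer cannot swallow the image.
        window_end = min(len(image), start + max_size)
        end = image.find(PNG_TRAILER, start + len(PNG_HEADER), window_end)
        if end == -1:
            pos = start + 1          # no trailer within the size limit: skip
            continue
        nested = image.find(PNG_HEADER, start + len(PNG_HEADER), end)
        if nested != -1:
            pos = nested             # candidate is truncated; the next header is the real file
            continue
        end += len(PNG_TRAILER)
        found.append((start, image[start:end]))
        pos = end
    return found


def _chunk(kind: bytes, data: bytes) -> bytes:
    body = kind + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))


def make_png(width: int, height: int) -> bytes:
    """Build a tiny valid 8-bit RGB PNG (constructed sample data)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    raw = (b"\x00" + b"\xff\x00\x00" * width) * height      # one filter byte per row
    return PNG_HEADER + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


def build_image() -> tuple[bytes, list[bytes]]:
    """Constructed 'disk image': two intact PNGs, a truncated header and filler."""
    filler = bytes(range(256)) * 8
    a, b = make_png(2, 2), make_png(3, 1)
    truncated = PNG_HEADER + b"\x00" * 64      # deleted file whose body was overwritten
    return filler + a + filler + truncated + filler + b + filler, [a, b]


if __name__ == "__main__":
    image, originals = build_image()
    for offset, data in carve_png(image):
        print(f"PNG at offset {offset}: {len(data)} bytes, intact={data in originals}")
```

On a real drive the same loop runs over the device or image file read in large chunks, and a carved candidate should still be validated by parsing its chunks before it is trusted.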
2. Parts Of The Data May Not Be Encrypted
The purpose of ransomware is to make a file unusable so that you feel compelled to pay the hacker. Modern computer systems contain many huge files. For example, SQL Server MDF files are normally several GB, and some can even reach hundreds of GB. In such cases, ransomware may not encrypt the whole file but only the file header, because:
- Encrypting a huge file consumes a lot of time and system resources, which increases the chance of being detected.
- The long encryption process may be aborted for various reasons, causing the encryption to fail.
- Just like a human head, a file header normally contains the most important metadata of the whole file, so encrypting the header alone can easily render the entire file unusable.
Moreover, even if the ransomware chooses to encrypt a whole huge file, the encryption is performed block by block and may be aborted halfway, leaving some blocks of the file unencrypted. In such a case, we can use file-level recovery tools to recover data from those blocks.
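An added example (not from the article) of how a recovery specialist can locate the unencrypted blocks of a partially encrypted file: it computes the Shannon entropy of each 4 KiB page, since encrypted pages look random while text-like database records do not, and merges the results into ranges. The sample file, the page size and the 7.5 bits/byte threshold are constructed assumptions.

```python
"""Added example (not from the article): per-page entropy map of a partially
encrypted file, to locate pages still holding recoverable plaintext.  The sample
file is constructed in memory; page size and threshold are assumptions."""
import math
import random
from collections import Counter

PAGE = 4096       # assumed block size the ransomware encrypted in
THRESHOLD = 7.5   # bits/byte; encrypted pages sit close to the 8.0 maximum


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_blocks(data: bytes, page: int = PAGE,
                    threshold: float = THRESHOLD) -> list[tuple[int, int, str]]:
    """Return merged (start, end, label) ranges, label 'encrypted' or 'plain'.
    Caveat: natively compressed content (images, archives) also scores high
    and would be reported as encrypted; confirm by parsing the file format."""
    ranges: list[tuple[int, int, str]] = []
    for off in range(0, len(data), page):
        end = min(off + page, len(data))
        label = "encrypted" if shannon_entropy(data[off:end]) >= threshold else "plain"
        if ranges and ranges[-1][2] == label:
            ranges[-1] = (ranges[-1][0], end, label)   # extend the current run
        else:
            ranges.append((off, end, label))
    return ranges


def build_sample() -> bytes:
    """Constructed 16-page file of text-like records; the ransomware overwrote
    page 0 (the header) and pages 5-6 before it was interrupted."""
    record = b"id=00042;name=ACME Ltd;balance=1200.50\n"
    pages = [(record * (PAGE // len(record) + 1))[:PAGE] for _ in range(16)]
    rng = random.Random(7)
    for i in (0, 5, 6):
        pages[i] = rng.randbytes(PAGE)   # simulated ciphertext
    return b"".join(pages)


if __name__ == "__main__":
    found = classify_blocks(build_sample())
    for start, end, label in found:
        print(f"{start:8d}-{end:8d}  {label}")
    print("recoverable:", sum(e - s for s, e, l in found if l == "plain"), "bytes")
```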
3. Other Copies Or Versions May Exist
Other copies or versions of the original file may still exist, such as:
- An offline or cloud backup
- Windows Volume Shadow Copy
- macOS Time Machine
- Linux/Unix ZFS/Btrfs/LVM snapshots
- Temporary files generated while working on the original file
- Log files
In some cases we can restore the original file directly, for example from a cloud backup. In other cases we need specialized tools to recover the data. For example, if a temporary file exists for an encrypted PST file, we can use an Outlook file recovery tool to recover data from that temporary file. If a log file exists for an encrypted SQL Server database file, we can use it to reconstruct the data.
4. Key May Be Available
In many cases the key to decrypt the data can be obtained not from the hacker but from other sources:
- If an active ransomware process is detected, we can take a memory dump and use memory forensics to extract the key.
- Some ransomware does not erase the key from memory after encryption. If the corresponding memory block has not been overwritten, memory forensics can also recover the key.
- Some ransomware does not remove the temporary file containing the key, so the key can be recovered from that file.
- Some ransomware hardcodes the keys in its own executable files.
- Some stores the keys in the system registry.
- System log files or snapshots may also contain the keys.
In all these cases the keys may be stored in plain text or encrypted with some algorithm. In the latter case, we can normally use reverse engineering to decode them.
As this article shows, many data recovery technologies can deal with ransomware, so an attack is not necessarily disastrous. When one does occur, consult a data recovery specialist to get the best strategy.