2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Many engineers, programmers and network administrators panic when they find that the data on a server has been encrypted, service processes have been stopped, and file names have been changed one by one. If you are the first person to discover the scene, how should you handle this sudden incident?
Based on our years of experience in data recovery and virus decryption, and on exchanges and discussions among the many member units of the China Data Recovery Association, we believe the following should be done immediately after discovering that a virus has encrypted your data:
1: Disconnect the network immediately.
2: Check the virus encryption time immediately (look at the modification time of the encrypted files).
Rule A: shut down or cut the power immediately if the ransomware started encrypting within the last 0-2 hours. The virus generally finishes encrypting within 1 hour, depending on the number of files and the data capacity on your host; the more files and the larger the capacity, the longer the encryption takes.
Rule B: do not shut down if you find that encryption started more than 5 hours ago. Shutting down is useless at that point, so we recommend leaving the host running. The virus process is still in memory, and many of the keys needed to crack the virus may be in memory or in cache files. A shutdown will cause this important data to be lost, changed or overwritten, which is not conducive to subsequent data decryption.
3: Antivirus software.
The antivirus software on an infected host has often failed to protect it, so it cannot kill the virus. According to our statistics, antivirus software cannot directly decrypt data, so in general there is no need to run antivirus software (at this point most antivirus processes have already been terminated), and there is no need to install new antivirus software, because these operations will delete some infected files. If important infected data is cleared by antivirus software, it is not conducive to data recovery.
4: Look for professional institutions.
When data is encrypted and held for ransom by a virus, especially the wallet virus, the victim is often a server host, which seriously affects the daily operation of the enterprise. Even so, we suggest that you do not act rashly in a panic. Stick to a professional approach to solving the problem.
Rule A: ransomware is highly malicious and uses advanced encryption algorithms. People outside the industry should not attempt to handle it themselves, so as not to infect other hosts and widen the failure.
Rule B: seek professional data recovery companies and professionals to assist in decryption.
Rule C: do not pay the ransom lightly. Paying encourages the arrogance of criminals. In addition, the criminals are generally abroad, and there is no way to ensure the security of the payment after paying a bitcoin ransom, so the risk is great. We have encountered cases in which users still could not decrypt the data after paying.
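The check in step 2 can be scripted. The following is an added example, not code from the original article: it reads the modification times of the renamed files and maps the time since the first one to Rule A or Rule B. The function names, the result labels and the `.wallet` suffix in the sample data are assumptions made for illustration.

```python
import os
import time

RULE_A_MAX_H = 2   # article: encryption started 0-2 hours ago -> power off
RULE_B_MIN_H = 5   # article: more than 5 hours ago -> do not shut down


def encryption_window(root, suffix):
    """Return (earliest_mtime, latest_mtime, count) for files ending in suffix.

    os.stat() only reads metadata, so the scan does not alter modification times.
    """
    first = last = None
    count = 0
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if not name.endswith(suffix):
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file renamed or removed while we were scanning
            count += 1
            first = mtime if first is None else min(first, mtime)
            last = mtime if last is None else max(last, mtime)
    return first, last, count


def triage(first_mtime, now):
    """Map hours since the first encrypted file to the article's Rule A / Rule B."""
    if first_mtime is None:
        return "no-match"
    hours = (now - first_mtime) / 3600.0
    if hours < 0:
        return "clock-mismatch"   # mtime in the future: do not trust the estimate
    if hours <= RULE_A_MAX_H:
        return "rule-A-power-off"
    if hours > RULE_B_MIN_H:
        return "rule-B-keep-running"
    return "between-rules"        # 2-5 hours: the article gives no rule


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:   # constructed sample data
        now = time.time()
        for i, age_h in enumerate((6.5, 6.0, 5.8)):
            path = os.path.join(root, "doc%d.txt.wallet" % i)  # assumed suffix
            open(path, "w").close()
            os.utime(path, (now - age_h * 3600,) * 2)
        first, last, count = encryption_window(root, ".wallet")
        print(count, "files, first", time.ctime(first), "->", triage(first, now))
```
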