mcerd1
|
| posted on 19/2/14 at 10:11 AM |
|
|
OT - Mass File Corruption - Help !!!!
Got a major issue thats just developed at work - nearly an entire drives worth of data seems to have been corrupted in the last hour 
thats nearly 90 thousand excel, word, pdf and autocad files that are now just full of gibberish 
only picture files actually seem to work.....
this only affects the one drive at the moment - but its on the same physical disk as 2 other drives which appear to be working perfectly...
any ideas ?
[Edited on 19/2/2014 by mcerd1]
-
|
|
|
|
|
ironside
|
| posted on 19/2/14 at 10:24 AM |
|
|
Are any of your users infected with the CryptoLocker virus?
|
|
|
McLannahan
|
| posted on 19/2/14 at 10:25 AM |
|
|
Do you have shadow copies/previous versions enabled? (Assuming this is a Windows box that is...)
|
|
|
mcerd1
|
| posted on 19/2/14 at 10:44 AM |
|
|
quote:
Originally posted by ironside
Are any of your users infected with the CryptoLocker virus?
don't think so - and we arn't getting any ransom demands
-
|
|
|
mcerd1
|
| posted on 19/2/14 at 10:45 AM |
|
|
quote:
Originally posted by McLannahan
Do you have shadow copies/previous versions enabled? (Assuming this is a Windows box that is...)
we do have off line backups - but that would mean loosing 2 - 3 days worth of work for all of us
-
|
|
|
McLannahan
|
| posted on 19/2/14 at 10:59 AM |
|
|
quote:
Originally posted by mcerd1
quote:
Originally posted by McLannahan
Do you have shadow copies/previous versions enabled? (Assuming this is a Windows box that is...)
we do have off line backups - but that would mean loosing 2 - 3 days worth of work for all of us
Shadow copies/previous versions is not the same as backups - it's a snapshot of the selected shared drive taken at scheduled points throughout
the day/night. It's certainly not an alternative to a good backup but ideal for a situation like this....If it's enabled of course!
Is it worth manually running another backup now of the existing healthy files?
|
|
|
mcerd1
|
| posted on 19/2/14 at 11:04 AM |
|
|
quote:
Originally posted by McLannahan
Shadow copies/previous versions is not the same as backups - it's a snapshot of the selected shared drive taken at scheduled points throughout
the day/night. It's certainly not an alternative to a good backup but ideal for a situation like this....If it's enabled of course!
its not enabled, but I doubt it would help much anyway...
were talking about 90,100 files
-
|
|
|
iank
|
| posted on 19/2/14 at 11:43 AM |
|
|
quote:
Originally posted by mcerd1
quote:
Originally posted by ironside
Are any of your users infected with the CryptoLocker virus?
don't think so - and we arn't getting any ransom demands
Surely only the infected user would be getting the ransom demands, and they might, ahem, be keeping their head down!
Virus scan of every computer on the network would be my first step. But it looks like the backups are the only way to get back information (might
want to ask the IT dept why they aren't doing nightly backups of key server drives).
If it were a hardware problem you'd expect the filesystem to be completely gone rather than individually corrupted files so it's most
likely a software topic.
--
Never argue with an idiot. They drag you down to their level, then beat you with experience.
Anonymous
|
|
|
jeffw
|
| posted on 19/2/14 at 12:39 PM |
|
|
I'd lay money this is Cryptolocker
|
|
|
scudderfish
|
| posted on 19/2/14 at 12:45 PM |
|
|
If you haven't already, pull the network cable out.
|
|
|
mcerd1
|
| posted on 19/2/14 at 12:56 PM |
|
|
quote:
Originally posted by iank
Surely only the infected user would be getting the ransom demands, and they might, ahem, be keeping their head down!
Virus scan of every computer on the network would be my first step.
well looks like you guys were right
turns out its one of the guys in the workshop 
(I assume the drive in question was mapped on his machine - luckily my own files aren't on that one....)
so I think we'll be going back to fridays back-up
[Edited on 19/2/2014 by mcerd1]
-
|
|
|
mookaloid
|
| posted on 19/2/14 at 01:49 PM |
|
|
Very scary stuff
Do you know how much they were asking for?
"That thing you're thinking - it wont be that."
|
|
|
mcerd1
|
| posted on 19/2/14 at 03:17 PM |
|
|
quote:
Originally posted by mookaloid
Very scary stuff
Do you know how much they were asking for?
no idea - but google it and you'll get some scary stats about the amount of cash they may have got from other folk....
our IT support company (well know national company staffed by monkeys) have apparently isolated it and are replacing the affected files with the ones
on the backup - mind you I don't trust them as far as I could throw them, they've already screwed up a couple of other programs today
while 'fixing' the virus issue (no idea why the boss won't go elsewhere...)
[Edited on 19/2/2014 by mcerd1]
-
|
|
|
Ben_Copeland
|
| posted on 19/2/14 at 03:24 PM |
|
|
quote:
Originally posted by mcerd1
our IT support company (well know national company staffed by monkeys) have apparently isolated it and are replacing the affected files with the ones
on the backup - mind you I don't trust them as far as I could throw them, they've already screwed up a couple of other programs today
while 'fixing' the virus issue (no idea why the boss won't go elsewhere...)
[Edited on 19/2/2014 by mcerd1]
Because they are all the same... ours is anyway !
Ben
Locost Map on Google Maps
Z20LET Astra Turbo, into a Haynes
Roadster
Enter Your Details Here
http://www.facebook.com/EquinoxProducts for all your bodywork needs!
|
|
|
mookaloid
|
| posted on 19/2/14 at 03:27 PM |
|
|
quote:
Originally posted by mcerd1
quote:
Originally posted by mookaloid
Very scary stuff
Do you know how much they were asking for?
no idea - but google it and you'll get some scary stats about the amount of cash they may have got from other folk....
our IT support company (well know national company staffed by monkeys) have apparently isolated it and are replacing the affected files with the ones
on the backup - mind you I don't trust them as far as I could throw them, they've already screwed up a couple of other programs today
while 'fixing' the virus issue (no idea why the boss won't go elsewhere...)
Oh I did google it - that's why it's so scary. it could completely kill a small business which isn't prepared for that sort of thing
- either you pay out a fortune to the criminals or you pay out to IT support to get it fixed - either way it's a worry
Hope you get sorted.
"That thing you're thinking - it wont be that."
|
|
|
mcerd1
|
| posted on 19/2/14 at 03:29 PM |
|
|
quote:
Originally posted by Ben_Copeland
Because they are all the same... ours is anyway !
ours have a reputation of being one of the worst of the worst
we were with a smaller company that could at least fix things properly - but they got bought over a few years ago and for some unknown reason
we've stayed with them.....
-
|
|
|
iank
|
| posted on 19/2/14 at 03:48 PM |
|
|
quote:
Originally posted by mcerd1
quote:
Originally posted by Ben_Copeland
Because they are all the same... ours is anyway !
ours have a reputation of being one of the worst of the worst
we were with a smaller company that could at least fix things properly - but they got bought over a few years ago and for some unknown reason
we've stayed with them.....
--
Never argue with an idiot. They drag you down to their level, then beat you with experience.
Anonymous
|
|
|
britishtrident
|
| posted on 19/2/14 at 05:00 PM |
|
|
In my area a lot of the l the lawyers and accountants offices have been getting hit with virus laden emails mostly claiming to come from either
government departments including Scottish Courts, HMCRC or respectable companies such as SAGE, TNT or a bank (are banks still considered respectable
!).
The emails aren't getting hits in the sbl-xbl.spamhaus.org blacklist but but can be flagged because they are routed from Russia, Liberia, and
Brazil. The sparsely worded email with the attachment is worded in a away the would arouse suspicion in anybody who deals with these organisations.
[I] “ What use our work, Bennet, if we cannot care for those we love? .”
― From BBC TV/Amazon's Ripper Street.
[/I]
|
|
|
mcerd1
|
| posted on 20/2/14 at 03:36 PM |
|
|
well the monkeys are still at work - so far they've had 2 failed attempts to fix it (i.e. copy the file off the back up) and thats taken them
at least 8 of our working hours....
this really is just a big copy / paste job - how can they get that wrong
[Edited on 20/2/2014 by mcerd1]
-
|
|
|
daveb666
|
| posted on 20/2/14 at 04:02 PM |
|
|
Regardless of whether your boss will switch IT companies - surely it has to worth spending a few hundred quid on a daily, on-site backup so you no
longer need to rely on outside sources?
2007bc Photography - Commercial and Wedding Photographer based in West Yorkshire
http://www.2007bc.co.uk / http://www.huddersfieldcommercialphotographer.co.uk
|
|
|
britishtrident
|
| posted on 20/2/14 at 04:16 PM |
|
|
quote:
Originally posted by mcerd1
well the monkeys are still at work - so far they've had 2 failed attempts to fix it (i.e. copy the file off the back up) and thats taken them
at least 8 of our working hours....
this really is just a big copy / paste job - how can they get that wrong
[Edited on 20/2/2014 by mcerd1]
It depends when the last full back was done, normally a back up set consists of a full back up and incremental back ups and normally just the data
is backed up not the OS.
The problem is when trying to get the system as near up to date as possible you can copy the malware straight back on.
[I] “ What use our work, Bennet, if we cannot care for those we love? .”
― From BBC TV/Amazon's Ripper Street.
[/I]
|
|
|
