Recovering files lost by CME-24/BlackWorm

data recovery is not an easy or cheap business. you get what you pay for. you pay for the difficulty of the work (which is boring and tedious) and difficulty increases the cost considerably the more it becomes closer to virtually impossible.

in this particular case, files are being corrupted. therefore recovery for normal (non-nsa) level of need and cost is, in my opinion, problematic at best.

before we move to what can be done, a short story:
when i was in the israeli military (in israel there is a mandatory 3 years service – drafting is on) i once read a document that detailed what was needed in order to request data recovery done. the first clause in the document was: stand trial for not following backup procedures.

if nothing else, we once again learn the need for backup.

as to recovery – it may not be so easy. i’d suggest, depending on your level of need, anything from studying the subject of data recovery and computer forensics online to hiring a company that specializes in this field.
regardless, if you have any plans of ever recovering data stop using your hard drive now to prevent important data from being over-written.

the sans isc diary posted a few pointers:
http://isc.sans.org/diary.php?storyid=1096

gadi evron,
ge@beyondsecurity.com.

Share