[Data recovery case] A domestic company's server was infected with the .[[email protected]].Devos ransomware virus

Contents

Foreword: Case Introduction

1. What is .[[email protected]].Devos ransomware?

2. How to recover ransomware virus files with .devos suffix?

3. Introduction to the recovery case:

1. Encrypted data

2. Data Recovery Completion

3. Data recovery period

Recommended system security measures:


Foreword: Case Introduction

The .[ [email protected] ].Devos suffix ransomware is a new variant of a well-known foreign ransomware family that is currently spreading. Recently we have received a large number of inquiries and requests for assistance from companies. All companies are urged to strengthen their defenses.

Fortunately, as the first team in China to discover and study the encryption characteristics and intrusion methods of this virus, the data recovery rate we can achieve for this suffix is relatively high; we can basically achieve a perfect recovery, and we have accumulated many successful recovery cases. You can contact the 91 data recovery team for consultation if necessary. Let's analyze this .[ [email protected] ].Devos suffix ransomware.

Recently, the .[ [email protected] ].Devos ransomware infected the server of a domestic company: all of the company's server files were encrypted, including every file on the business application servers and the file server, and urgent data recovery was required, otherwise the company could not operate. Introduced by a local software vendor, the customer contacted our 91 data recovery team. After remote detection and analysis by our 91 data recovery engineer, we quickly determined the data recovery plan with the fastest and highest recovery rate: the company's database files could be restored 100% perfectly, with no possibility of data loss. The engineer team then worked through the night to help the customer restore the data. The file data recovery rate reached 100%, the database files were 100% perfectly restored, and the customer was highly satisfied.


1. What is .[ [email protected] ].Devos ransomware?

The .[ [email protected] ].Devos ransomware, also known as DHARMA ransomware, encrypts your files and demands a ransom payment to restore access to them.

DHARMA ransomware is active again with a new cryptovirus variant, .devos. This variant modifies all popular file types by adding the .devos extension, making the data completely unavailable: victims simply cannot open their important files. Like all previous members of the family, the ransomware also assigns each victim a unique identification key. Once a file is encrypted, it receives a new extension appended after its original one, so the original extension becomes a secondary extension.

After encrypting the data, the .[ [email protected] ].Devos ransomware also contacts its command-and-control server to send each victim an RSA private key. Ultimately, the malware encrypts pictures, documents, databases, videos and other files, leaving only system files, with a few other exceptions.

Moreover, the .[ [email protected] ].Devos ransomware continues to encrypt files that are newly placed on the infected machine, so if you are unfortunately infected with the .[ [email protected] ].Devos virus, do not insert storage media into the infected machine; otherwise the files on that medium will inevitably be encrypted as well.

If you are unfortunately infected with this ransomware, the first thing you should do is disconnect the machine from the Internet, check the extent of the encryption, and seek the help of a professional data recovery company.

If infected with the .devos suffix ransomware, it is recommended to do the following immediately:

1. Disconnect the infected machine's Internet connection;

2. Unplug all storage devices;

3. Log out of the cloud storage account;

4. Close all shared folders;

5. Seek the help of a professional data recovery company, and do not modify the file suffixes yourself: doing so damages the file contents a second time and may make the data unrecoverable later.
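Before calling for help it is useful to take stock of what was encrypted (which directories, which original file types, whether only shared folders were hit) without renaming anything, as step 5 warns. The following Python triage script is an added example, not code from the original post; it assumes the Dharma naming scheme `<name>.<ext>.id-<8 hex>.[<email>].devos` and runs on a constructed path listing with a placeholder e-mail address.

```python
import os
import re
from collections import Counter

# Assumed naming scheme for the Dharma/.devos family: the original name keeps its
# extension and ".id-<8 hex>.[<email>].devos" is appended (the id part is made
# optional so names written as ".[<email>].Devos" also match).
DEVOS_RE = re.compile(
    r"^(?P<original>.+?)(?:\.id-(?P<victim_id>[0-9A-Fa-f]{8}))?"
    r"\.\[(?P<email>[^\]]+)\]\.devos$", re.IGNORECASE)

def parse_encrypted_name(name):
    """Split an encrypted file name into its parts; None if it is not .devos."""
    m = DEVOS_RE.match(name)
    if m is None:
        return None
    vid = m.group("victim_id")
    return {"original": m.group("original"), "email": m.group("email"),
            "original_ext": os.path.splitext(m.group("original"))[1].lower(),
            "victim_id": vid.upper() if vid else None}

def triage(paths):
    """Count encrypted vs untouched files; group hits by directory and type."""
    report = {"encrypted": 0, "untouched": 0, "by_dir": Counter(),
              "by_type": Counter(), "victim_ids": set()}
    for path in paths:
        path = path.replace("\\", "/")            # normalise Windows/UNC paths
        info = parse_encrypted_name(path.rsplit("/", 1)[-1])
        if info is None:
            report["untouched"] += 1
            continue
        report["encrypted"] += 1
        report["by_dir"][path.rsplit("/", 1)[0]] += 1
        report["by_type"][info["original_ext"]] += 1
        if info["victim_id"]:
            report["victim_ids"].add(info["victim_id"])
    return report

def walk_tree(root):
    """List every file under root; feed the result to triage() on a real host."""
    return [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]

# Constructed sample listing (the e-mail address is a placeholder).
SAMPLE_PATHS = [
    r"D:\mysql\data\orders\customers.ibd.id-1A2B3C4D.[ransom@example.invalid].devos",
    r"D:\mysql\data\orders\customers.frm.id-1A2B3C4D.[ransom@example.invalid].devos",
    r"\\fileserver\share\reports\q1.xlsx.id-1A2B3C4D.[ransom@example.invalid].Devos",
    r"\\fileserver\share\reports\notes.txt",
    r"C:\Windows\System32\kernel32.dll",
]
```

A single victim id across every hit and hits confined to one directory tree are the two facts the recovery engineer will ask for first.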

How does the .devos ransomware spread?

After analyzing the infected machine environments of several companies, we judge that the ransomware basically intrudes in the following ways. Please understand and check each of the following prevention measures one by one; after all, prevention in advance is much easier than recovery after the event.

Remote desktop password brute-forcing

    Close remote desktop, or rename the default administrator account.

Share settings

    Check whether only shared files were encrypted.
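Since remote desktop password brute-forcing is named above as the main way in, a defender wants to spot it in the server's logs before the encryption starts. The Python script below is an added example, not code from the original post; it assumes a constructed CSV-style export of Windows Security log events (4625 failed logon, 4624 successful logon, logon type 10 for RDP), applies a sliding-window failure count per source address, and also flags a successful RDP logon that follows a burst of failures.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed export of Windows Security log rows as
# "time,event id,account,source IP,logon type". 4625 = failed logon,
# 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2022-03-28 02:00:01,4625,administrator,203.0.113.7,10
2022-03-28 02:00:02,4625,administrator,203.0.113.7,10
2022-03-28 02:00:03,4625,admin,203.0.113.7,10
2022-03-28 02:00:04,4625,administrator,203.0.113.7,10
2022-03-28 02:00:05,4625,administrator,203.0.113.7,10
2022-03-28 02:00:06,4625,administrator,203.0.113.7,10
2022-03-28 02:05:00,4624,administrator,203.0.113.7,10
2022-03-28 09:12:00,4625,alice,192.0.2.15,10
2022-03-28 09:12:30,4624,alice,192.0.2.15,10
"""

def parse_rows(text):
    """Turn the CSV-style export into (time, event_id, account, ip, logon_type)."""
    rows = []
    for line in text.splitlines():
        ts, eid, acct, ip, ltype = line.split(",")
        rows.append((datetime.fromisoformat(ts), int(eid), acct, ip, int(ltype)))
    return rows

def detect_rdp_bruteforce(rows, threshold=5, window=timedelta(minutes=10)):
    """Alert on a source with >= threshold RDP failures inside `window`, and on
    any later RDP success from that source (the password was guessed)."""
    recent = defaultdict(deque)          # ip -> timestamps of recent failures
    flagged, alerts = set(), []
    for ts, eid, acct, ip, ltype in sorted(rows):
        if ltype != 10:                  # only RemoteInteractive (RDP) logons
            continue
        if eid == 4625:
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:    # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, acct, ts))
        elif eid == 4624 and ip in flagged:
            alerts.append(("success_after_bruteforce", ip, acct, ts))
    return alerts
```

The second alert kind is the one to act on immediately: a successful logon from a source that was just guessing passwords means the account should be treated as compromised and the session cut.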

Suffixes of the same virus family, all of which our team can handle, include the following:



2. How to recover ransomware virus files with .devos suffix?

The repair success rate for files with this suffix is about 95%~99.9%.

Because of the encryption algorithm used by this virus, the encrypted files on each infected computer or server differ. The virus characteristics and the encryption of the affected files must be detected and analyzed individually to determine the most suitable repair plan.

Considering the time, cost, risk and other factors involved in data recovery: if the data is not very important, it is recommended to scan and disinfect the entire disk, format and reinstall the system, and then put proper system security protection in place. If the infected data is valuable and needs to be recovered, you can request a free test and consultation on a data recovery plan.


3. Introduction to the recovery case:

1. Encrypted data

One server held more than 4,000 encrypted files; the recovery focused on all table data files of the MySQL database.

2. Data Recovery Completion

The data was recovered with a recovery rate of 100%; the recovered files can be opened and used normally.

3. Data recovery period

Recovery period:

Recovery of the server started overnight on the day the customer's order was received and all data was recovered by the afternoon of the next day, a total of 19 hours.

Recommended system security measures:

1. Do not use the same account and password across multiple machines.

2. Login passwords should be of sufficient length and complexity, and should be changed regularly.

3. Shared folders holding important data should have access control configured and be backed up regularly.

4. Regularly check systems and software for security vulnerabilities, and patch them promptly.

5. Regularly check the server for anything abnormal.

6. Install security protection software and make sure it works properly.

7. Download and install software only from official channels.

8. If unfamiliar software has been intercepted and quarantined by anti-virus software, do not add it to the trust list and continue to run it.

9. Maintain good backup habits: make daily backups and off-site backups wherever possible.

Source: blog.csdn.net/javaFay/article/details/123770412