What should I do if my server is infected by the DevicData ransomware virus? Ransomware decryption, data recovery

Recently, Yuntian Data Recovery Center has received many requests for help from users infected with ransomware, and many of them were hit by the same strain: the DevicData ransomware. Let's look at this ransomware from three aspects: its characteristics, how to handle an infection, and follow-up maintenance.

1. Characteristics of DevicData ransomware virus

  1. Encrypted files: DevicData ransomware extorts its victims by encrypting the data on their computers. It can encrypt database files, txt files, office documents, pictures, videos and other files, so that users can no longer open or use them. The extension of an encrypted file becomes *.DevicData-X-XXXXXXXX. If the original file name is kuaijiemi.txt, it becomes kuaijiemi.txt.DevicData-X-XXXXXXXX after encryption.
  2. Ransom letter: After encryption is complete, the attacker leaves a txt document named Recover files!!! on the desktop and in multiple folders. Opening the document shows the ransom information, which generally includes a description of the situation, how to decrypt, and payment methods.
  3. Server runs slowly: Servers that have been in use for a long time or have modest hardware often become very slow after being infected by the DevicData ransomware. Opening an office document or a web page can take a very long time, and the task manager shows very high memory usage.

2. DevicData ransomware solution

  1. Shut down the network and close sharing: DevicData ransomware spreads laterally, so when you find that a computer or server is infected, immediately isolate it by disconnecting the network and turning off file sharing, to avoid infecting more computers or storage devices on the local area network.
  2. Back up important data: Once the data is damaged, the loss may be irreparable. Therefore, whatever operation you perform, first back up the important data on the server. If possible, classify the files as much as you can to make later recovery and searching easier.
  3. Find a professional team or organization for recovery: Yuntian Data Recovery Center reminds users not to attempt recovery themselves or perform unnecessary operations. Of course, if you want to give it a try, do so on the backup data. Keeping the original data intact will make the recovery work go more smoothly.
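The classification suggested in step 2 can be done without touching the files themselves. The following is an added example, not code from the original article: it inventories a backup copy by the extension pattern and ransom note name described in section 1, and groups encrypted files by their original type. It assumes each "X" in the pattern is a single letter or digit and that the note is saved as Recover files!!!.txt; the sample paths are constructed.

```python
import re
from collections import Counter
from pathlib import Path, PureWindowsPath

# Assumption: each "X" in the page's *.DevicData-X-XXXXXXXX pattern is one
# letter or digit; the page does not say which characters actually occur.
ENCRYPTED_RE = re.compile(r"^(?P<original>.+)\.DevicData-[A-Za-z0-9]-[A-Za-z0-9]{8}$")
# Assumption: the note "Recover files!!!" is saved with a .txt extension.
NOTE_NAME = "recover files!!!.txt"


def classify(paths):
    """Sort file paths into encrypted files (grouped by original type),
    ransom notes, and files that do not carry the DevicData suffix."""
    report = {"encrypted": {}, "notes": [], "untouched": [], "by_type": Counter()}
    for raw in paths:
        name = PureWindowsPath(raw).name  # accepts both \ and / separators
        match = ENCRYPTED_RE.match(name)
        if name.lower() == NOTE_NAME:
            report["notes"].append(raw)
        elif match:
            original = match.group("original")
            ext = PureWindowsPath(original).suffix.lower() or "(none)"
            report["encrypted"][raw] = original  # path -> pre-encryption name
            report["by_type"][ext] += 1
        else:
            report["untouched"].append(raw)
    return report


def scan(root):
    """Walk a backup copy (read-only: nothing is renamed or deleted)."""
    return classify(str(p) for p in Path(root).rglob("*") if p.is_file())


# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"D:\data\kuaijiemi.txt.DevicData-X-XXXXXXXX",
    r"D:\data\ledger.mdf.DevicData-P-1a2b3c4d",
    r"D:\data\Recover files!!!.txt",
    r"D:\data\readme.txt",
]

if __name__ == "__main__":
    result = classify(SAMPLE)
    for ext, count in result["by_type"].most_common():
        print(f"{ext}: {count} encrypted")
    print(f"ransom notes: {len(result['notes'])}, untouched: {len(result['untouched'])}")
```

Run `scan()` against the backup copy rather than the live server, so the original data stays untouched for the recovery team.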

3. Things to note after recovering data

  1. Reinstall the system: The system must be reinstalled. A server that has been attacked must have vulnerabilities, and virus programs that were not completely removed may remain. So never keep using the original operating system just to save trouble.
  2. Do not enable port mapping unless necessary: A considerable number of customers have enabled port mapping, which has caused the server to be infected, so be sure to turn off port mapping in time.
  3. Offsite backup: If possible, make off-site backups every day, so that even if you are attacked you can still minimize the loss.

Origin blog.csdn.net/M99W1230/article/details/132940099