One of the biggest frustrations in today’s interconnected world is the constant threat from viruses, malware and spyware designed either to steal confidential information, or to cause irritation by destroying data or interrupting the normal operation of your computer. Even before the advent of the internet, viruses were propagated by diskette, although at the time most of these were largely just an irritation. Virus is still a commonly used term, although these days it is considered a subset of a larger group of malicious software, known as malware.
We see a considerable number of hard drives arrive for data recovery which have suffered some form of logical damage due to malware, where important data structures have been overwritten on the disk. Contrary to the beliefs of many, such attacks can affect both Windows and the Apple Mac operating systems, which are often thought to be immune.
Data Risk from Malware and Spyware
Malware covers a wide group of different attacks, but the most annoying from a usability angle are those which change the behaviour of other software, damage data files or even destroy important file system metadata structures. At best these are a mild inconvenience, but the worst will destroy data and damage the file system to the point where it will no longer mount correctly, precluding access to your files.
The worst and most insidious kinds are malware and spyware designed to steal important data such as credit card details, bank account data and passwords. There is also another subset of malware called scareware, which attempts to scare you into buying a bogus software application that will purportedly fix the issue, but is a ruse to steal your credit card details. Ransomware runs at boot time and, claiming a legal transgression, attempts to force you to pay a fee in order to continue using your computer.
Identifying the malware which is installed on your computer is not always easy, especially if your anti-virus security software has been hijacked, as can often be the case. If your security software has been hijacked, it is possible that the websites you visit will not be the real ones, and could compromise your data further.
For each different type of infection, there are often many steps which need to be followed. These are not guaranteed to resolve the problem, and may risk causing further damage to important data held on the disk. In many cases it may be faster and easier to reinstall the operating system, which also ensures that the malware is no longer installed. When reinstalling software, it is important to take extra care not to reinstall the same malicious software.
Malware Data Recovery
If the volume containing the operating system holds important data files which you have not backed up elsewhere, the best course of action is to power the computer down, and seek help from a professional data recovery company, such as DiskEng. We have seen many disks arrive for data recovery where the partition table has been overwritten, as well as those where important file system metadata structures have been modified, and in some cases even moved to different locations.
Fortunately, when the file system metadata structures are altered or moved, it usually causes the operating system to crash, which in turn usually stops the attack from destroying the information used to locate the user’s files and documents. In these situations, an in-depth knowledge of file system data structures is required in order to fix the problems and restore access to the data stored in the data volume.