Experience recovering a ransomware-affected drive

Loghi
May 14, 2019

Incident Report

Incident : While downloading a pirated version of software from a torrent, the victim's laptop and a connected external hard drive were affected.

Operating System : Windows 8

Ransomware type : .Codnat

Brief on ransomware

Usually, this type of malware encrypts the victim's files (.docx, .png, .jpg, etc.) with a key unknown to the victim, renaming them to .docx.codnat, .png.codnat and .jpg.codnat respectively; the attackers demand payment for decryption. It also erases the original file from the disk, to make it look as if the file is corrupted. Finally, it generates a ransom note, _readme.txt, that states the purported attacker's demand.
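The two indicators described above (the appended .codnat extension and the _readme.txt note) are enough to scope the damage on a drive before attempting recovery. The Python sketch below is an added example, not part of the original post; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".codnat"   # extension appended by this ransomware (from the post)
RANSOM_NOTE = "_readme.txt"    # ransom note file name (from the post)

def inventory(root):
    """Walk root read-only and summarise affected files and ransom notes."""
    by_type = Counter()   # original extension -> number of encrypted files
    total_bytes = 0       # size of encrypted data, to estimate recovery space
    note_dirs = []        # directories that contain a ransom note
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                note_dirs.append(dirpath)
            elif lower.endswith(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                by_type[ext] += 1
                try:
                    total_bytes += os.path.getsize(os.path.join(dirpath, name))
                except OSError:
                    pass  # unreadable entry: still counted, size unknown
    return {"by_type": dict(by_type), "bytes": total_bytes,
            "note_dirs": sorted(note_dirs)}

def build_sample_tree(root):
    """Constructed sample data: harmless files that only mimic the naming pattern."""
    layout = {
        "docs/report.docx.codnat": b"x" * 10,
        "docs/_readme.txt": b"constructed note",
        "pics/a.png.codnat": b"x" * 20,
        "pics/b.JPG.codnat": b"x" * 30,
        "pics/untouched.jpg": b"x" * 5,
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(inventory(tmp))
```

The per-extension counts give a checklist to compare against what a recovery tool brings back, and the byte total indicates how much free space the recovery destination needs.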

Approach

Tried some decryption tools, but they did not work at all.

Finally, used PhotoRec, a free tool, to recover the deleted files on the affected drive. You can download it here.

[Screenshot: recovery in progress]

But it took many hours to recover all the affected files, as it was a 1TB external hard disk.

“Don’t be fool enough to pay ransom”

Thank you
