He installed some Ad blocker.Did your friend tried to download any files via torrent , crack software or kms pico ?
From chrome extention store.Details ?
So all his data gone?or did he manage to recover?From chrome extention store.
For now he got new windows installed and formatted everything and saying the laptop working fine now.
He now wants suggestion for any good antivirus.
So suggest some good antivirus.
Thanks.
I don't think ransomware ever comes from these. I used a lot of such stuff on Windows and Mac both and never had any problem. These days, bad stuff comes from fake software (not cracked software) such as, some link giving you a 100 MB version of photoshop which is impossible, some other link telling you that your pc is infected and you should install a new anti virus/ad blocker/anti xyz software. Lastly, ransomware mostly comes from phishing emails. For example, 99% of the hacked Youtube and facebook accounts are due to phishing emails or facebook message containing links and software.Did your friend tried to download any files via torrent , crack software or kms pico ?
All gone he said he was using it from 2012-13.So all his data gone?or did he manage to recover?
100Mb photoshop is possible I have a photoshop setup just 91mb which I downloaded in 2018 and it works pretty good, although not using it anymore.100 MB version of photoshop which is impossible,
Damn. And the price of external hdd is cheap too. Could have bought a 4TB drive for around 7k and saved stuff for years on it. I see people cry only after something happens to their "important" data which doesn't have even one backup. ¯\_ಠ_ಠ_/¯All gone he said he was using it from 2012-13.
Wouldn't ransomware encrypt the files in the external drive as well when he connects it to the laptop !!Could have bought a 4TB drive for around 7k and saved stuff for years on it
Ransomware reveals itself only after it has encrypted most of your files. From the time of infection till it exhibits the notice, it resides in the memory and transparently decrypts the encrypted files, so there is no way to know that you are infected. One possible way to know that the backed up data is not already encrypted is to check the same in another known-to-be-clean system. If the data is already encrypted it cannot be accessed in the clean systemI'm not saying leave the drive connected to the laptop 24/7. Only use it for copying important data and then remove it. If it's connected when the ransom ware attacks, it will also get encrypted. But if it was not connected, then you won't lose data. You can then easily format the laptop and recover from the external drive.
in theory yes, but its not guranteed.Maybe a naive question, sometimes if they get paid do they send the decryption key and can all data be recovered again?