Scalpel Help Needed Urgently

shaunofi · 05-01-2019, 08:13 AM

Hi All

My data center was hit with ransom ware. I am hoping you can help me. I am using the scalpel software to recover. I need help adding the file extensions to the scalpel.conf file. The extensions are .sna .hsh .sn1

Any advice will be appreciated

TB0ne · 05-01-2019, 08:18 AM

Quote:

Originally Posted by shaunofi

Hi All
My data center was hit with ransom ware. I am hoping you can help me. I am using the scalpel software to recover. I need help adding the file extensions to the scalpel.conf file. The extensions are .sna .hsh .sn1

Any advice will be appreciated

There is nothing 'urgent' about this for anyone here but you. We volunteer our time to help folks, so asking for/expecting 'urgent' help is fairly rude. And you give us ZERO details; what version/distro of Linux??

Got hit with ransomware? Then you have options:

Pay up
Restore from backup
Read any of the how-to guides (which you could have done faster than posting here, since it's 'urgent') https://www.howtoforge.com/recover-d...s-with-scalpel

Personally, I'd trust **ZERO** of what you're trying to recover. Restore from a known clean backup and move forward.

shaunofi · 05-01-2019, 08:22 AM

My apologies!

I am new to Linux and extremely stressed trying to find a solution

TB0ne · 05-01-2019, 08:28 AM

Quote:

Originally Posted by shaunofi

My apologies!
I am new to Linux and extremely stressed trying to find a solution

Again: without details there is zero we can help you with. There are many how-to guides for using scalpel, but as stated, if you were actually hit with ransomware, I'd not trust ANY of your data, period, at all.

Restore from clean backups from well before the incident. That's what they're for.

shaunofi · 05-01-2019, 09:12 AM

Quote:

Originally Posted by TB0ne

Again: without details there is zero we can help you with. There are many how-to guides for using scalpel, but as stated, if you were actually hit with ransomware, I'd not trust ANY of your data, period, at all.

Restore from clean backups from well before the incident. That's what they're for.

Unfortunately the backups were destroyed as well. I managed to install Scalpel. The Scalpel.conf file needs to first be configured for the file extension I want to recover.
I added in the file extension. It recovers folders but not the files. I am assuming I added the extensions incorrectly

TB0ne · 05-01-2019, 09:20 AM

Quote:

Originally Posted by shaunofi

Unfortunately the backups were destroyed as well. I managed to install Scalpel. The Scalpel.conf file needs to first be configured for the file extension I want to recover. I added in the file extension. It recovers folders but not the files. I am assuming I added the extensions incorrectly

..and back to, AGAIN, not knowing ANYTHING past ransomware and scalpel. You **STILL** aren't saying what version/distro of Linux, how you installed Scalpel, or what you've done/tried. Doesn't have anything to do with Linux to describe a problem...you wouldn't call a mechanic and say "Help! My car won't start but I put fuel in!!" would you? Wouldn't you say what kind of car, fuel, etc.??? This isn't different.

Sorry, but unless you can provide relevant details, there is absolutely NOTHING we can help you with. Since you don't have backups, there may be nothing else to do but to start fresh. How, exactly, were your backups destroyed?? Weren't they on a different disk/media??? If not, you do realize that you didn't HAVE a backup, right??

ondoho · 05-01-2019, 03:14 PM

the first rule when recovering lost data is to NOT use that hard drive anymore!
need to boot live!
i hope you didn't install that software on the same hard drive...

ChuangTzu · 05-01-2019, 05:11 PM

https://www.linuxquestions.org/linux...Ask_a_Question

How did you confirm the ransomware and not someone just yanking your digital chain?