Data Recovery Digest


FBI Warns of Malware That Makes Recovery Impossible

The Federal Bureau of Investigation has sent a warning to businesses within the United States about malware that could have disastrous consequences.

In late 2014, a group of hackers targeted Sony Pictures Entertainment in an attack that saw employees logged out of their own computers and email exchanges stolen and published online. The incident was embarrassing for the company and those involved in the emails, with notable exchanges between executives criticising actors and directors.

The group claiming responsibility for the attack goes by the name Guardians of Peace. The group held company data to ransom and threatened to publicly release it unless their terms were met.

The FBI released a five-page document on the 1st of December. The document gave details of malware that had been used in an attack. Although it didn’t state that the victim was Sony, it is widely assumed to be so due to the timing and the relevance.

An expert in cyber security commented that the document “correlates with information that many of us in the security industry have been tracking”. They went on to say that the attack information seems to be identical to the one that was actually carried out on Sony.

Joshua Campbell, an FBI spokesperson, refused to comment on whether the document was referencing the Sony attack, but did acknowledge that the warning had come directly from the FBI.

Campbell said that the FBI is often advising businesses on how to combat security threats. The bureau provides the information in order to help system administrators to defend their systems and businesses against any attacks that might be on the horizon.

The document was provided confidentially, but contained warnings about the malware that recently hit Sony. Apparently the malware was capable of overwriting all the data contained on hard drives, making them inaccessible and closing off networks.

The malware works by overwriting the master boot record and all data on the drive. This is extremely dangerous because it makes data recovery very difficult and usually impossible. When data is deleted, the space it occupied on the drive is only marked as available. As such, recovery can be possible as long as that space hasn’t been overwritten by anything new.

In the case of this malware, however, it completely overwrites everything. This means that recovery tools are only going to be able to pick up the data the malware wrote over the drive, not the original contents.
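The difference between deleted and overwritten data can be shown on a small disk image. The following is an added example, not code from the FBI document or from this article: it checks sector 0 for a valid master boot record and scans for a surviving file header, the way a recovery tool would. The image contents, the function names and the FAT-style deletion marker are constructed assumptions for illustration.

```python
import struct

SECTOR = 512
JPEG_MAGIC = b"\xff\xd8\xff"  # header signature a file carver scans for

def parse_mbr(sector0):
    """Return non-empty partition entries, or None without the 0x55AA signature."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        return None
    parts = []
    for i in range(4):  # four 16-byte entries start at offset 446
        status, _, ptype, _, lba, count = struct.unpack_from("<B3sB3sII", sector0, 446 + 16 * i)
        if status in (0x00, 0x80) and ptype != 0 and count != 0:
            parts.append({"type": ptype, "lba_start": lba, "sectors": count})
    return parts

def carve(image, magic=JPEG_MAGIC):
    """Sector-aligned scan past sector 0: offsets where a file header survives."""
    return [off for off in range(SECTOR, len(image), SECTOR)
            if image[off:off + len(magic)] == magic]

def triage(image):
    parts = parse_mbr(image[:SECTOR])
    return {"mbr_ok": bool(parts), "partitions": parts or [], "carved": carve(image)}

def sample_image():
    """Constructed 8-sector image: MBR, a directory sector, one file's data."""
    img = bytearray(8 * SECTOR)
    struct.pack_into("<B3sB3sII", img, 446, 0x80, b"", 0x07, b"", 1, 7)
    img[510:512] = b"\x55\xaa"
    img[SECTOR:SECTOR + 11] = b"REPORT  JPG"      # directory entry at LBA 1
    img[3 * SECTOR:3 * SECTOR + 3] = JPEG_MAGIC   # file data at LBA 3
    return img

def deleted_image():
    """Deletion as described above: the entry is marked, the data stays."""
    img = sample_image()
    img[SECTOR] = 0xE5  # FAT-style 'deleted' marker on the directory entry
    return img

def overwritten_image():
    """Constructed stand-in for a fully overwritten drive: every byte replaced."""
    return bytearray(b"\xaa" * (8 * SECTOR))

if __name__ == "__main__":
    for name, img in [("intact", sample_image()), ("deleted", deleted_image()),
                      ("overwritten", overwritten_image())]:
        print(name, triage(bytes(img)))
```

On the deleted image the file header is still found at its original offset, while the overwritten image has neither a valid boot record nor anything left to carve.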

This attack has been seen on businesses in the Middle East and South Korea, but this is the first of its kind that has been performed on a business operating out of America.

Of course, a huge corporation like Sony is likely going to have a strong backup plan in place to ensure that they always have multiple copies of their data. In fact, no matter the size of your business, this is strong advice to follow. You never know when your systems might be attacked, whether it’s a specific target or not, and you could end up with severe data loss if you don’t have a strong backup plan in place.

