A friend of mine brought his laptop to me, in hopes that I might retrieve the files that were infected by ransomware. Given that the ransomware used to encrypt the files is something called CrypMIC, which remains unfixable to this date, I was wondering what my options are with this computer.
I've read that there is a small possibility to retrieve a small percentage of files through file recovery software, but this could probably recover thousands of files and it'd probably take days to browse through these, to get the actual photos or documents my friend would actually want.
I'm wondering if there are any tricks or tips that might help me sort through tons of files effectively?
Then I've been thinking that there is a slight possibility that this particular ransomware, CrypMIC, could be fixed some day. It could be a few months, could be years. Given that, these days, the price of 1 GB for hard drives isn't that large anymore, is it possible to just back up the whole drive somewhere, I don't know, in an ISO, RAR or whatever format?
If it's possible, how would one actually do it?
And if I could actually transfer this huge ISO, RAR somewhere for the future, say on another partition or external HDD, are there any dangers behind it? Say I'd put this ISO, RAR, to another partition, leave it here, start installing new Windows and let my friend continue using his computer, would the ISO/RAR be able to infect the newly installed Windows on other partition and the files downloaded there?
Or if I'd back up the ISO/RAR on the external HDD and connect this to another computer, would it get infected?
Then the final question: what mechanisms could I use, which programs could I use, how could I limit the operating system and the rights, so that my friend, his wife and kids wouldn't mess up the computer again? Are there any possibilities to ask for the password every time someone would install software? Would that even help? I mean, kids want to install games too, so they'd have to ask for the password every time, and I'm not sure how comfortable that'd be.
I haven't really thought about those things when I've installed Windows for my other acquaintances. I haven't limited anything, so they have full permissions to do everything. All I've done has been installing the programs people have listed for me and anti-virus software (I've installed Comodo). So I'm wondering what my options are when I'm installing new Windows for him?
So a wall of text above, but I'll try to summarise it.
1) Computer is infected with unfixable ransomware. File recovery has reportedly given somewhat good results, getting a small percentage of the encrypted files back. Then again, going through tons of files would be a pain. Are there any tools/tips that'd help me sort and browse through those files? Or should I just let him do it? Should I just copy the recovered files to an external HDD? Then again, wouldn't those recovered files infect the external HDD?
2) Are there any tools that'd help me pack the whole system into one ISO/RAR, so that if some day in the future a fix is made for CrypMIC, I could just use the ISO/RAR, apply the fix on it, and he could get all his files back? I'd appreciate a step-by-step guide.
3) If there actually is a possibility to make one giant ISO/RAR, would the viruses, ransomware spread through this ISO/RAR to a newly installed system, if it'd sit on an external HDD or another partition?
4) What should I keep in mind when I'm installing the new Windows? I'd appreciate a guide on this too, or even a video, that'd show me if there are any tips on where and what I should limit, so that he wouldn't come back to me in a few years telling me that his system has been infected again with ransomware, or any sort of virus. Of course I'll tell him to back up regularly.