Jump to content

Can a malware recover deleted files?


Recommended Posts

On 1 de junio de 2020 at 6:09 AM, treed said:

This is not due to malware, but can be due to disk corruption. I'd recommend backing up your data and repairing the hard drive:

https://support.apple.com/guide/disk-utility/repair-a-storage-device-dskutl1040/mac

It can also simply be due to apps that put files in the trash.

Thanks, Apple said it could be a bug.

why does disk corruption occur? Should I worry?

Link to post
Share on other sites

1 hour ago, yael said:

Apple said it could be a bug.

A bug in what, macOS?

1 hour ago, yael said:

why does disk corruption occur? Should I worry?

Corruption can occur for any number of reasons, but that's really not what you should be focusing on. Just realize that it happens to everybody, eventually and in some cases software can repair the damage, but not always. As was said, back up your data and repair it, if it exists.

But drives will ware out, usually somewhere around three years of age. Again, the electronics of the drive can swap out bad sectors for good ones from it's reserve, but when the reserve is gone, then so is the reliability of your hard drive and it will have to be replaced. Again, solid, recent backups are your only insurance against loosing data.

So if the damage is not repairable and you don't have a current backup, then it's actually past time for you to worry.

Link to post
Share on other sites

  • 1 year later...

with ransomware being able to infect a system i was wondering if it is possible. for malware to get low enough level access to the hard drive to recover data especially from the virtual memory swap files?

 

because i notice it sometimes takes a really long time to shut down or restart and i am thinking that the system is zeroing out the vm swap files to prevent data recovery.

Link to post
Share on other sites

Anything is possible, but such access would almost certainly have to be given by an admin user.

I seriously doubt that macOS would zero out anything since SSD's are all limited by the number of write cycles. Everything I've read indicates that deleting from the directory and relying on the drive firmware's garbage collection to free up sectors is best practice. 

Users have noted that shut down and restart times have seemingly increased with each new macOS version, for some reasons.

Link to post
Share on other sites

  • Staff
11 hours ago, ejonesss said:

with ransomware being able to infect a system i was wondering if it is possible. for malware to get low enough level access to the hard drive to recover data especially from the virtual memory swap files?

Just a couple notes to help clarify.

First, it's almost certainly not worth the time and effort for a malware creator to write code to recover deleted data from the hard drive. If they've already got the kind of access to your computer that would make that possible, there are far easier and juicier targets. Further, the intensive ongoing disk activity needed to capture data from the entire hard drive - and the corresponding large amount of data exfiltration - would pose a higher risk of discovery.

This is kind of like a bank robber, who has managed to successfully tunnel into the vault undiscovered, considering picking the pockets of the bank tellers and stealing the furniture from the lobby. Low value theft, unless the robber happens to get lucky enough that one of the desks in the lobby happens to contain an expensive gold pocket watch, and much higher chance of getting caught.

Second, regarding ransomware... there is currently no active Mac ransomware. Although there were a few (three) unsuccessful attempts to release ransomware for Mac back in 2016 and 2017, and a fake ransomware (actually an information stealer) in 2020, none of these are currently active. Ransomware technically could happen on Mac in the future, but some of Apple's privacy protections would pose a hurdle that could make Macs a harder target than Windows, so I see this as another low value opportunity compared to Windows.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.