Please read and take note
CryptoLocker 14th October 2013
CryptoLocker is the next generation of internet virus that is currently circulating all over the world in large numbers. Once a computer becomes infected it will lock all your files plus any network files it has access to, even your server.
Once the files are locked it will give you a three day countdown to pay the ransom, usually $100 or $300. If the time expires your files are locked with no option to pay the ransom.
It is by far the worst we have experienced so far and virus protection companies are scrambling to catch up with this one, as it changes frequently to elude the virus scanners. In other words: it can affect you if you are not careful even though your firewall and virus protection are active and up-to-date.
Currently there are only two known methods to remove the infection: restoring your files from a backup or paying the ransom.
Please be aware that paying the ransom is not guaranteed to work. We don’t condone paying the ransom and supporting these cybercriminals.
Usually this occurs by these methods:
In the form of an attachment, usually disguised in an email appearing to come from your bank, insurance company or courier service or scanner.
A simple safety procedure that works for the majority of email applications or online email services is to “hover” over the link, which means move the cursor to the attachment or “button” or other link in the email, but DO NOT click. If the domain name that appears has no relation, looks suspicious, or appears as an unintelligible tangle of letters and numbers, it usually means it is not legitimate and should be deleted.
Through Trojan websites, which will ask you to download a piece of software in order to watch video clips or download songs off the internet.
Through exploit kits, specific websites with similar names to popular ones, just waiting for people to mistype the address and think they are on their favourite website.
Advice for prevention
Do not open attachments if you are unsure of the contents or the email was unexpected.
Look for clues in the email content: most legitimate emails will usually address you by name and not something generic like ‘customer’ with vague wording.
Do not click on website links in emails until you have viewed the link location (do this by hovering over the link, this will display the link right at the bottom of Outlook). Instead of clicking the link, you are best to manually browse to the website via your web browser.
Make sure your anti-virus is updated regularly
Make sure your backups are current and working and backing up ALL critical data
If you get the virus
Stop work
Immediately disconnect any network drives
Contact us
Alert other users of the issue, as most likely any work done will be overwritten when the backup is restored.
Please do forward this email on to your staff, friends and associates.
If you don’t want to connect your other accounts in Microsoft Office 365, there is another feature in Microsoft Office 365 that allows you to receive emails without connecting them in Office 365.
Email forwarding is the feature that lets you receive your emails (those sent to your Office 365 email address).
1- Log into your Microsoft Office 365 account.
2- After signing in, select Options which is present under Outlook Category.
3- The Options section will open in a new tab window; now select Account from the left sidebar.
4- Now open the Connected Accounts tab which is present on the right side.
5- After opening the tab, enter the email address to which you want to forward your emails and click on ‘Start Forwarding’.
6- Now click on ‘Save’ to save all the settings you have made.
After following all of the above mentioned steps you can easily enable forwarding emails to other email addresses in Microsoft Office 365.
Found some really good information on DNS and rather than reinvent the wheel, I thought I would share this with you. Credits at the bottom of the article.
DNS (Domain Name System) is a simple service many in IT don’t understand. It’s essentially the phone book for any network — especially the Internet. When you surf the web you use DNS. If not, you would have to remember every system’s IP address you wanted to visit. Instead of Google.com or Amazon.com, you would have to remember 74.125.239.82 and 205.251.242.54 and every backup IP address they use for load balancing the traffic.
There are many different providers of DNS. They’re your ISP (home or business), Google, Level 3, OpenDNS, DynDNS, etc. Your home ISP will often provide features like search assist or phishing block to help protect you while you’re searching the web. Google (8.8.8.8 and 8.8.4.4) and Level 3 (4.2.2.1 and 4.2.2.2) provide DNS servers that don’t block any requests (unfiltered) so you don’t have to use your ISP’s DNS services if you don’t want to.
OpenDNS and DynDNS offer services — for pay and for free — that allow you to control what kind of sites you wish to block and what sites you wish to allow. Pay accounts often give you more control down to individual sites rather than categories of sites. This is a popular method for securing home Internet service to protect kids from looking at content you don’t want them to look at — without having to hover over them as they browse the Internet. It’s also good for protecting you from phishing scams.
A records
Basic DNS records are called A records. These are Address Records for a hostname. For example, if you look at the A records for www.google.com you will find several entries that include 74.125.227.209, 74.125.227.210, 74.125.227.211, 74.125.227.212, and 74.125.227.208 as well as one that looks different than the others: 2607:f8b0:4000:803::1013. This one is IPv6 where the others are IPv4. Having multiple records like this doesn’t give true load balancing. If you surf to www.google.com and DNS tells your system that it needs to contact 74.125.227.209 and it doesn’t respond, your system doesn’t ask again — it gets 74.125.227.210 and continues. It will ask the question once and if it gets an answer (even one that states the address can’t be resolved) your browser will attempt to connect to it and return the web page or a “page doesn’t exist” error page.
MX records
DNS records are also used to route email around the Internet. These are called MX records. They usually point to a group of computers that are responsible for receiving mail for the organization. Each entry will have a priority associated with it — this provides a failover so if one mail server isn’t responding, the sending mail server can try the next one in the list.
NS records
So what are DNS servers called in DNS records? NS, or Name Servers, are the servers that are responsible or have authority for the domain zones they host. This also helps with replicating the changes in the DNS zone between servers that are responsible for each DNS zone.
PTR records and rDNS
There are also reverse records called pointer (PTR) records. These help with security. If a system receives email, it knows what IP address it came from. It will do a reverse DNS (rDNS) lookup to see what domain name it came from. Then it compares this with the MX records to see if this server is registered as an email server. If not, it can reject the email as spam.
Another use is in network troubleshooting when you know the IP address but don’t know the system name. PING and TRACERT (trace route) commands will show you the IP address and the DNS name.
CNAME records
Another popular record type is a CNAME. This is a Canonical NAME record — think of it as an alias record. It is used when one IP address is used for multiple services. For example, let’s say you have a website named www.yourwebsite.com and it has an IP address of 10.1.2.3, but you also have other services you wish to publish, like FTP.
Rather than making another A Record for ftp.yourwebsite.com, you can make a CNAME for ftp.yourwebsite.com and point it (alias) to www.yourwebsite.com. When/if you change the IP address for your website (change of providers), then you only have to update one record (the A Record) for www.yourwebsite.com and all of your CNAME records will automatically be redirected to the proper IP address.
However, there are some rules that should be followed with CNAME records.
You should never point an MX record to a CNAME.
You should never point an NS record to a CNAME.
You shouldn’t point a CNAME to a CNAME as it could create a never-ending loop.
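The three CNAME rules above can be checked mechanically against a zone. The following is an added example, not part of the original article: it follows aliases the way the ftp/www example describes and reports MX, NS and CNAME records that point at a CNAME. The zone text is constructed; only www, ftp and 10.1.2.3 come from the article, and the one-record-per-line format is an assumption of this sketch.

```python
# Constructed zone data. www/ftp and 10.1.2.3 come from the text above;
# every other name and address is made up for this example.
ZONE = """
www.yourwebsite.com.     A      10.1.2.3
ftp.yourwebsite.com.     CNAME  www.yourwebsite.com.
mail.yourwebsite.com.    CNAME  www.yourwebsite.com.
ns1.yourwebsite.com.     A      10.1.2.4
yourwebsite.com.         MX     10 mail.yourwebsite.com.
yourwebsite.com.         NS     ns1.yourwebsite.com.
old.yourwebsite.com.     CNAME  legacy.yourwebsite.com.
legacy.yourwebsite.com.  CNAME  old.yourwebsite.com.
shop.yourwebsite.com.    CNAME  ftp.yourwebsite.com.
"""


def parse_zone(text):
    """Parse 'name TYPE rdata' lines into (name, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments
        if not line:
            continue
        name, rtype, rdata = line.split(None, 2)
        records.append((name.lower(), rtype.upper(), rdata.strip().lower()))
    return records


def resolve(name, records, max_hops=8):
    """Follow aliases to A records; return [] if the chain never ends."""
    cname = {n: d for n, t, d in records if t == "CNAME"}
    for _ in range(max_hops):
        if name not in cname:
            return [d for n, t, d in records if n == name and t == "A"]
        name = cname[name]
    return []


def lint_cnames(records):
    """Return (rule, owner, target) for each record that breaks a rule."""
    cname = {n: d for n, t, d in records if t == "CNAME"}
    findings = []
    for name, rtype, rdata in records:
        if rtype == "MX":
            target = rdata.split()[1]          # rdata is "<priority> <host>"
            if target in cname:
                findings.append(("MX-TO-CNAME", name, target))
        elif rtype == "NS":
            if rdata in cname:
                findings.append(("NS-TO-CNAME", name, rdata))
        elif rtype == "CNAME" and rdata in cname:
            # Walk the chain; coming back to a name already seen is a loop.
            seen, cur = {name}, rdata
            while cur in cname and cur not in seen:
                seen.add(cur)
                cur = cname[cur]
            rule = "CNAME-LOOP" if cur in seen else "CNAME-CHAIN"
            findings.append((rule, name, rdata))
    return findings


if __name__ == "__main__":
    recs = parse_zone(ZONE)
    print("ftp resolves to", resolve("ftp.yourwebsite.com.", recs))
    for finding in lint_cnames(recs):
        print(finding)
```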
SRV records
Corporate DNS used for Active Directory Domains takes this further and includes records that help computer systems authenticate on the network and determine what domain controller is closer, what file server is closer, what the email server auto-setup should be, etc. These records include SRV records that are used for Kerberos, LDAP, and other services as the domain needs to function.
So what system holds the DNS for corporate servers (Active Directory)? Active Directory servers run a DNS service that clients (other computers on the internal network) point to for all DNS needs. It’s up to the internal DNS servers to decide if the request is for an internal (private) record or for a public record.
If it needs a public record, there are several ways a DNS server can find the information. It can point to a set of servers either for all domains or for just a specific domain. It can use root hints to direct traffic to the proper public DNS servers. Or, it can also use a combination of the two — depending on the needs of the organization.
If you have an Active Directory environment and you point your client (or the DNS client on a domain controller/DNS server) to a public DNS server, your domain won’t function properly. The public DNS servers won’t have the records for your private DNS zone and won’t have any way to get them if your client requests it. This will prevent your computer from authenticating on the domain, joining the domain, connecting to your email server, surfing your corporate intranet, etc.
Split DNS
Let’s say you’re in a corporate environment. You have a web server that you list as www.yourwebsite.com with a public DNS record of 74.125.227.210 (this is Google’s IP address — I’m only using this as an example). But, you’re inside your network and your firewall won’t allow traffic to go out, make a u-turn and come back in so you can’t get to the website. How do you resolve this for your internal clients? You make a split DNS.
This means there is a public DNS zone for yourwebsite.com that contains an A Record for www. that resolves to 74.125.227.210 and you have an internal DNS zone (on your domain controller or domain DNS server) that also has a zone for yourwebsite.com but has an A Record for www. that resolves to 10.1.2.3 (the internal IP address for the same web server).
Now your client on the inside of your corporate network can communicate with your web server at www.yourwebsite.com. If this is a mobile device, you could move between networks (corporate, public Wi-Fi, home) and still have access to the website. Of course, with this split DNS zone, you’ll have to enter every record that’s in the public DNS zone or you will break the other records while on the internal network.
Another split DNS zone implementation is to do it just for the record you wish to redirect. You would create a DNS zone for www.yourwebsite.com and have the default record resolve to 10.1.2.3 — this way you only have to maintain one record internally instead of every record that is in the public DNS zone.
da Beast Aug 6, 2013 at 4:42 AM | DNS This is the 223rd article in the Spotlight on IT series.
Source: https://community.spiceworks.com/topic/366432-the-name-game-from-dns-ignorance-to-enlightenment?utm_campaign=0805&utm_medium=+spotlight&utm_source=+swemail
Businesses and home users are advised to avoid using the Wired Equivalent Privacy (WEP) security protocol for wireless connections.
Once commonly used, the WEP security protocol is today considered broken and should not be used.
Although most router/modem manufacturers and Internet Service Providers currently supply and support devices with higher levels of encryption, many computers and networks continue to maintain wireless connections via WEP.
If you still currently use WEP, your wireless connection is vulnerable: information you send via this method is easily accessible via sniffer tools downloaded from the Internet.
You should check your current settings and if you currently use WEP, choose an alternative security protocol for your wireless connections.
How to find your wireless security settings:
Windows
For Windows based computers, you can check the level of security being used on a wireless network by viewing Network Options in the Control Panel. From here, select your wireless network and open the Properties for that connection. The exact name and location of these options will vary between versions of Windows. A security tab or menu should offer a choice of security protocols for your device.
Apple
For Apple based computers, you can check the level of security being used on a wireless network by clicking the Network icon in the System Preferences. Select your connection on the left hand side and the security level will be listed next to the network name.
How to update your wireless security:
Updating wireless security varies depending on the make and model of your wireless device. Refer to your manual for individual product details.
Modern modems, routers and wireless devices typically offer a range of encryption protocols. Wireless encryption should be set to WPA2 if available (or WPA if not).
There can be various types of WPA2 encryption, with the simplest version being WPA2-PSK. This uses a network name and requires a password. Most computers and smartphones can connect to WPA2 networks with minimal reconfiguration.
If your wireless device does not support any encryption other than WEP, it is strongly advised to update your equipment.
More information
The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.
Information provided by the Internet Commerce Security Laboratory, www.icsl.com.au
Disclaimer
This information has been prepared by Enex TestLab for the Department of Broadband, Communications and the Digital Economy (‘the Department’). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.
Host of subscription service
The Commonwealth has engaged Ladoo Pty Ltd to host the Stay Smart Online Alert Service. All URL links should show the domain send.ladoo.com.au at hover over. URL links related to the administration of the service (‘View online’, ‘Update your profile preferences’ and ‘unsubscribe’) should direct you to web pages hosted by Ladoo Pty Ltd.
People trust many websites today including ticketing sites, real estate sites etc. The issue is that most malware and trojans are being injected into sites we actually trust. This can include YOUR website. If you want to be as sure as you can that your website is clean, go to Sucuri SiteCheck, type your URL and check for any malicious code or blacklists you may be on.
You will see results like below (Sterling IT is safe!). If you find your domain has any issues or is on a blacklist, contact Sterling IT as soon as possible. The longer you leave it, the longer it will take to reverse.
Comparitech have published a list of the best web application firewalls (WAFs) that can help protect a website from hacks and external attacks. Here’s the link – https://comparite.ch/best-waf
So, you’ve ignored SAM and gone and run on a RAID 5. Then, through some elder gods’ handiwork, two of your disks drop off the RAID at the same time rendering your RAID 5 inaccessible. Your skin pales as you realise your last backup was *coughcough* months ago and close to useless. What to do? WHAT TO DO!?!
First things first – stop. Stop everything. Well, keep breathing, but stop everything else. Slow your mind and calm down.
Two disks dropping out of a RAID 5 simultaneously is odd. It’s unlikely to be a hardware issue on both drives, so it could be a software issue.. possibly an incorrectly referenced or corrupt RAID config. If so, things may not be as bad as they seem and indeed, you may be able to recover everything.
This How-To addresses recovering data from failed RAID 5 arrays on Desktop PCs, a situation we all dread (and should avoid by running OBR 10). It is generic, and where assumptions are made they are stated.
Failing to have a recent backup is going to be expensive. Hopefully you already have the necessary hardware available to recover but if not, you’ll need to make a few purchases.
Depending on how the following steps pan out, you may not be successful in data recovery and you should accept that is a possibility. A lot of variables have to align to allow you to recover, but before admitting defeat stick your chin up, take a deep breath, and … switch your PC off.
1. Shut it off!
First things first, shut your PC down.
Reason: your existing PC is a plague to your RAIDed disks at the moment, the controller can likely still access your disks and thinks it’s in its old raid config. While like this, there is the potential for extra writes to occur on those disks and this risk needs to be eliminated.
Keep it shut off. Don’t switch it back on until you can pass the next step. Where possible, the entire RAID recovery needs to be performed in one long period without interruption.
2. Here.. just take my card.
To enable you to recover the data, you’ll need to have the necessary hardware.
1. A NAS or spare PC with significantly large network storage share.
Reason: an equal amount of space available somewhere else. If you had 3 x 1TB disks in RAID 5, you will need at least 3TB storage elsewhere. Likewise, if you had 5 x 3TB drives, you’ll need 15TB storage available on the network. This How To assumes you have a NAS with enough spare storage available, and is accessible on the network and ready for writing. Ka-ching!
2. An alternative disk connection. This can be a spare PC with spare disk ports, or an external HDD mount. This How To assumes you use a USB HDD dock.
Reason: Since the RAID controller is the interface between your OS and the disks, your OS can only see the corrupted RAID, and may not even see the individual disks depending on the RAID corruption. Your disks will need to be removed from the existing controller and attached via an alternate means to a bootable Windows OS. If you’re plugging them into a different PC, ensure the disk controller isn’t the same model as the one controlling your failed RAID (which basically means ensure it’s a significantly different motherboard model). An external USB3 HDD dock is a safe bet, and not too expensive.
3. UPS me up, Scotty!
Reason: You’ll need enough UPSes for all components during recovery. They need to be able to power a PC, a NAS, a switch/router and a USB HDD Dock in the event of a decent power failure. You know it’ll happen during this process (damn you elder gods!) so best protect against it.
4. R-Studio Network Edition. Prepare to buy it, but not yet. Get the trial for now.
site: https://www.r-tt.com/
download: https://www.data-recovery-software.net/Data_Recovery_Download.shtml
store: https://secure.r-tt.com/cgi-bin/Store?id=1
Reason: It’s the most stable, assured, and fastest RAID reconstruction/recovery tool I’ve encountered (from recent experience, Jan 2013). There are other tools such as Zero Assumption Recovery that will probably suffice, but my personal recommendation is R-Studio. Since this How-To assumes you’re recovering to and from a NAS or network share, the Network Edition is required. If you have uber space locally, the standard version is fine.
If you make it through to seeing your files later in this process, you’ll need to then purchase R-Studio, but in the meantime just download the trial. Install it.
5. ReclaiMe Free RAID Recovery
site: https://www.freeraidrecovery.com/
download: https://www.freeraidrecovery.com/download.aspx
Reason: This automates finding the correct parameters for reconstructing a virtual RAID, and gives clear and concise R-studio instructions when finished. And it’s free! If you’re handy with a hex editor, you can ignore this program and follow the R-Studio tutorials on finding RAID parameters (https://www.r-tt.com/Articles/Finding_RAID_parameters/). This How To assumes you’re using this program, so install it.
3. Disassemble number 5!
You’re about to pull your PC apart and take those failed drives out. At this point, I recommend documenting everything and labeling cables and drive placements. It’s not entirely necessary but it’s good to know what connected to what and where if you ever want to escalate this to a forensic Data Recovery Center. The more info the better.. and the cheaper.
Once documented, anti-static yourself and carefully remove your failed RAID drives.
4. Check your integrity at the door
One by one you’ll need to verify the physical integrity of your drives by running your vendor’s checking utilities.. e.g:
IBM/Hitachi — Drive Fitness Test
Seagate — SeaTools
Western Digital — WD Diagnostics/Lifeguard
So, plug in each drive to the dock and run the tests. DO NOT ATTEMPT ANY REPAIRS, run this in read-only mode ONLY. A random write to the drive could wipe out your chances of recovery. We just want to make sure your drives are physically OK.
If two disks fail because of a mechanical issue or your drives are dead, unfortunately you’re hosed. Nothing to do except take it to a Data Recovery Centre. You’re probably looking at around $1,000 per recovered disk to get the experts to do it. Sorry, but this is by and large your only shot from here.
If one disk fails and the rest are fine you still have a shot. Continue.
If none fail and all your disks are fine, great! Continue!
5. Snap that image
One by one, assuming your disks are physically fine, you need to use R-studio to take disk images of your failed RAID drives. If any disks failed the integrity check in Step 4, don’t image those as it can corrupt the overall integrity of the virtual RAID later on – only image your physically OK disks.
To do this:
– ensure you have a Mapped Drive to your NAS or network storage share. This How To will assume you labeled it S: (R-Studio didn’t like using UNC paths to take images)
– attach a HDD to the USB dock and ensure it’s powered up and visible in Windows (even if not readable).
– open R-Studio
– in the drive list on the left, right-click your failed drive and select “Create Image”
– in the popup window, Main Tab, select Byte-to-Byte image, and for the Image Filename, rename it to be unique and on the mapped network share (e.g. “S:disk-01.dsk”)
– click OK and wait until finished (could be hours to days)
– repeat for all disks, uniquely naming each image file on the file share.
6. ReclaiM your RAID parameters
So, you’ve physically checked your disks and they’re OK. You’ve successfully created images of those disks and they’re ready on the network. Now the clincher – you need to find if the RAID is able to be deciphered.
Close R-Studio
Open ReclaiMe Free RAID Recovery.
– Click on the drop-down arrow on the Disks icon up the top and select “Open disk image”
– Navigate to your NAS share and select all your uniquely named .dsk files you just made in R-Studio.
– back at the main screen, tick the checkboxes next to each of your disk images.
– click the big green Start RAID 5 icon up the top.
– let it do its thing. This step can take hours or days, or even weeks. For 4 x 2TB images it took 2 days on my system. Let it be and try to keep anything away from the PC and NAS and router/switch while it runs.
There is a “Confidence” meter shown during analysis. If this gets to 100% before the “Progress” meter then things are looking good. If the Progress meter gets to 100% while Confidence is low, the amount of data you can recover is diminished, if any. For RAID data recovery, as in life, high Confidence is what you’re after.
When finished, ReclaiMe will give you instructions for R-studio. Copy it into a document and save/print it for reference later.
7. Peek a boo, I see you
Using the instructions given to you by ReclaiMe, follow them exactly. And by exactly, I mean exactly.
Here’s an example of what you’re likely to have:
——————————————————-
These instructions are provided for R-Studio version 5.1
1. Launch R-Studio
2. On the toolbar, click “Open image”. Enter “S:ST2000DM001-9YN164CC4C-Disk3.dsk” as the file name, click “Open”
3. On the toolbar, click “Open image”. Enter “S:ST2000DM001-9YN164CC4C-Disk1.dsk” as the file name, click “Open”
4. On the toolbar, click “Open image”. Enter “S:ST2000DM001-9YN164CC4C-Disk2.dsk” as the file name, click “Open”
5. On the toolbar, click “Create Virtual RAID”. Then, select “Create Virtual Block RAID” from the dropdown menu.
6. Right click the disk list on the right, select “Add S:ST2000DM001-9YN164CC4C-Disk3.dsk” from the pop-up menu.
7. Right click the disk list on the right, select “Add S:ST2000DM001-9YN164CC4C-Disk1.dsk” from the pop-up menu.
8. Right click the disk list on the right, select “Add S:ST2000DM001-9YN164CC4C-Disk2.dsk” from the pop-up menu.
9. On the right side of the R-Studio window, set “RAID type” to “RAID5”.
10. Below that, set “Block size” to “64 KB”.
11. Below that, set “Block order” to “Left Asynchronous”.
12. In the “Parents” table, enter “0 Sectors” as “Offset” in all rows.
13. Below the RAID diagram, click “Apply”.
14. On the left panel, “Virtual Block RAID 1” is the newly created RAID. Double click it to start recovery.
Generated by ReclaiMe Free RAID Recovery build 889, www.FreeRaidRecovery.com
——————————————————-
Notice that the order in which you load drive images is not sequential, nor is it when you add the images to the Virtual Block RAID. Perform the steps as instructed in the order it advises.
Also, the last step (14) is slightly misleading. Double-click on the “Basic data partition” listed beneath the root Virtual Block RAID (rather than the “Virtual Block RAID 1” itself), and that will begin recovery.
The process of mapping the Virtual Block RAID is quite fast in comparison to what you’ve done so far, just a few minutes after beginning you’ll be presented with a data recovery screen that lists all the folders/files that it could find.
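What a virtual RAID 5 does with the disk images, and why the image order matters and one failed disk can be left out, shown as an added example (this is not R-Studio's or ReclaiMe's code). It assumes that "Left Asynchronous" is the layout usually called left-asymmetric, and it uses constructed sample data with an 8-byte block instead of the 64 KB in the instructions above.

```python
from functools import reduce

BLOCK = 8  # demo block size in bytes; the instructions above use 64 KB

# Constructed sample "volume" contents, used only for this example.
DATA = b"CONSTRUCTED SAMPLE: invoices.xlsx photos.zip ledger.db notes.txt"


def xor_blocks(blocks):
    """Byte-wise XOR of equally sized blocks."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def parity_disk(stripe, n):
    # Assumed left-asymmetric layout: parity starts on the last disk and
    # moves one disk to the left with every stripe.
    return (n - 1) - (stripe % n)


def build_images(data, n, block=BLOCK):
    """Create n member images from data (stands in for the .dsk files)."""
    stripe_bytes = block * (n - 1)
    padded = -(-len(data) // stripe_bytes) * stripe_bytes
    data = data.ljust(padded, b"\0")
    images = [bytearray() for _ in range(n)]
    for s in range(len(data) // stripe_bytes):
        chunk = data[s * stripe_bytes:(s + 1) * stripe_bytes]
        blocks = [chunk[i * block:(i + 1) * block] for i in range(n - 1)]
        # Data blocks fill the disks in order, skipping the parity disk.
        blocks.insert(parity_disk(s, n), xor_blocks(blocks))
        for d in range(n):
            images[d] += blocks[d]
    return [bytes(img) for img in images]


def read_volume(images, block=BLOCK):
    """Reassemble the volume; one member may be None (a failed disk)."""
    n = len(images)
    missing = [i for i, img in enumerate(images) if img is None]
    if len(missing) > 1:
        raise ValueError("RAID 5 can rebuild only one missing member")
    size = len(next(img for img in images if img is not None))
    out = bytearray()
    for s in range(size // block):
        off = s * block
        row = [None if img is None else img[off:off + block]
               for img in images]
        if missing:
            # The missing block is the XOR of all surviving blocks.
            row[missing[0]] = xor_blocks([b for b in row if b is not None])
        p = parity_disk(s, n)
        out += b"".join(b for d, b in enumerate(row) if d != p)
    return bytes(out)


if __name__ == "__main__":
    imgs = build_images(DATA, 3)
    print(read_volume(imgs)[:len(DATA)])                      # all members
    print(read_volume([imgs[0], None, imgs[2]])[:len(DATA)])  # one missing
    print(read_volume([imgs[1], imgs[0], imgs[2]])[:len(DATA)])  # wrong order
```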
8. Test recovery
In the R-Studio “File View” window, in the folder list on the left, expand the Basic Data Partition, then expand the Root.
This lists all the folders/files that it could find. Hopefully for you, it lists a lot.. maybe even everything!
Time to test a single file recovery:
– navigate your folder list and find a file you’d really like but that isn’t too big,
– select it by ticking the checkbox beside it
– click the “Recover Marked” icon up the top and follow the prompts as to where you’d like to save the file.
Sometimes recovering files can take some time. For me I recovered about 1.5TB per day across the network, but it could differ for you.
Test the recovered file – if it’s complete and satisfactory, make sure you’ve saved the instructions from ReclaiMe on how to set up the Virtual Block RAID for R-Studio.
If successful, it’s time for you to purchase R-Studio Network Edition.
store: https://secure.r-tt.com/cgi-bin/Store?id=1
It’s also time for some semi-drastic, but highly recommended action….
9. Lose your FakeRAID, lose your RAID 5. We have the technology.
You’re ready to recover your data from the NAS to your PC, so you’ll need your disks back in your PC.
So to start off, close everything and shut down cleanly.
At this stage you should reconsider using a RAID 5 – it is inherently fragile for current drives (read up on some of the posts by Spiceworks’ SAM on this). Where possible grab yourself an even number of disks, buy another one if you have an odd amount, and rebuild your RAID as a RAID 10.
So, take all your disks to the original PC, plug them all back (I do it in order that I took them out, but it’s of no consequence now), and start ‘er up.
Jump into your RAID config and remove all existing RAID settings and create a new RAID 10 with all drives. RAID 10 is really the way to go. It’s highly recommended.
This will destroy all data on your disks so just in case, keep your NAS running to minimise risk of corruption on restarts.
Also, if you’ve been using FakeRAID (RAID run by the motherboard controller) consider getting yourself a proper RAID card and running your drives from there. If the controller goes on the fritz, you could be paddling without a .. paddle ..
Wait until the new RAID 10 is configured and initialised and boot into Windows.
Following Step 7, get back into R-Studio and rebuild the Virtual Block RAID so that you can see all your files again.
Restore at will to your PC, back to whence they came.
10. Three rules of storage – backup, backup, backup
Now that you have all the data you want back, time to do some housecleaning.
If you have the space, perform a backup now. If you need, you can delete the images of your disks off the NAS first, but only if absolutely necessary and you’re confident that you won’t lose anything.
Get a backup system in place, preferably automated. That means if you lose a RAID again it’s of no consequence due to having recent backups. Check your backups often to ensure they’re being taken successfully.
You may once have thought you didn’t need backups. I hope you’ve learned this is not the case.
So, in the wise words of every moderator in Spiceworks, “Backup, backup, backup”
“And … backup”
Conclusion
As you’ve seen, if you’ve been unlucky enough to encounter two failed drives in a RAID 5 configuration, and the drives haven’t been written to, and the drives are physically functioning correctly, and the moons align with Saturn, and your tongue is held half to the left, recovering data from a failed RAID 5 is possible. It takes time and patience. But if your data isn’t backed up and it is important, the above steps will lead you down the right path and hopefully to a full recovery.
If you have any further tips or amendments, feel free to comment!