Hard Disk Drive Lock Scam

[dualmeister]

It is possible if you have a server or workstation that is accessible via an IPMI module (i.e. works at a hardware level before OS takes over). But, I'm guessing a person who is gullible enough to believe a call from Microsoft probably does not have access to this ... I hope :erm:

 

[TJ99]

Under BIOS security there are usually 2 password option. (BIOS can't be accessed)
-User password
-HDD password

Its a HDD password. Removing cmos battery did not help.

Yes, it's a "hard disk lock", but it's done in the BIOS. Meaning it should not affect the drive if you connect it to another computer. Have you tried that?

 

[TJ99]

Remote access relies on an actual network connection.
Bios is outside of any network environment.

Or am I wrong?

Scammer probably used remote access to install the malware/virus, which then wrote in the password.

 

[mouks]

Yes, it's a "hard disk lock", but it's done in the BIOS. Meaning it should not affect the drive if you connect it to another computer. Have you tried that?

I haven't connected it to another PC yet. As per google the drive will also be encrypted once connected to a PC

 

[RoganDawes]

This may be of some use, depending on how savvy you are at the lower levels of the hardware stack:

http://hackaday.com/2013/11/29/bypassing-seagate-ata-security-lock/

 

[RoganDawes]

This may be of some use, depending on how savvy you are at the lower levels of the hardware stack:

http://hackaday.com/2013/11/29/bypassing-seagate-ata-security-lock/

Looking at the screenshot, you have a different manufacturer, so the above link will not translate directly. However, you may also be able to get away with swapping out the logic board of the drive for one from an identical drive that has not been password protected.

AFAIK, the password is simply a marker in the drive electronics telling it not to obey any other commands until the password has been entered correctly. IF the password is stored in the drive electronics, and not on the disk itself, then you should be OK swapping the controller board. I guess someone like SouthBit would be able to answer that question better than I.

 

[mouks]

I chose boot from hdd using a boot disk.This is the error:

Booting Boot from Nard Drive (Windows Vista/7/2008/XP)

find --set-root --device=h /bootmgr :: find --set-root --ignore-floppy --ignore-cd /ntldr

Error 15: File not found

 

[Rickster]

I would put it in another PC, copy important files then buy a new HDD and install windows and copy files over.

 

[Pada]

If he really has to get data off that hard drive, he'll most likely have to pay the scammers that money... - but before he does that, open a police case.

Have a look at the following wiki: http://en.wikipedia.org/wiki/CryptoLocker
... and how to prevent it:http://community.spiceworks.com/topic/396103-cryptolocker-prevention-kit-updated

 

[sajunky]

However, you may also be able to get away with swapping out the logic board of the drive for one from an identical drive that has not been password protected.

Please don't do that. Password lock is stored on platters in firmware area. Swapping PCB would only create possibility corrupt firmware.

Removing password is doable, but you would also need to remove malware which almost certainly had been installed on the computer. Search hddguru Web site for solutions for WDD hard drives.

I don't think it is encrypting malware in your case. Some stupid morons just picked up an idea and used very simple method of locking by password. They will be chased by police.

You can prevent such case in future by freeware utility (I don't remember name) using ATA freeze lock facility to protect changing password till next reboot.

 

[sajunky]

However, you may also be able to get away with swapping out the logic board of the drive for one from an identical drive that has not been password protected.

Please don't do that. Password lock is stored on platters in firmware area. Swapping PCB would only create possibility corrupting firmware.

Removing password is doable, search hddguru Web site for solutions for WDD hard drives.

After removing password lock, Hirens Boot CD becomes handy, as you would also need to remove malware which almost certainly had been installed on the computer.

I don't think it is encrypting malware in your case. Some stupid morons just picked up an idea and used very simple method of locking by password. They will be chased by police if you do it right.

You can prevent such case in future by freeware utility (I don't remember name) using ATA freeze lock facility to protect changing password till next reboot.

 

[ponder]

After he gave remote access...

There's an Afrikaans saying that goes something like "As jy dom is moet jy kuk!"

Give me his cell number, I'm sure I can get his banking details, passwords & pin out of him

 

[LazyLion]

Sounds like the CryptoLocker Malware....

http://www.pcadvisor.co.uk/features/security/3491195/how-protect-yourself-from-cryptolocker-attack/

 

[tRoN]

There's an Afrikaans saying that goes something like "As jy dom is moet jy kuk!"

Give me his cell number, I'm sure I can get his banking details, passwords & pin out of him

Don't be a rude troll.

We all get scammed somehow for things we lack knowledge of e.g we had an aircon service guy sabotage the unit to scam us to repair for a higher cost.