How to recover from ransomware infection


  • How to recover from ransomware infection

    I have a file server that is infected with a ransomware infection; the entire system is encrypted with ransomware. What is the best way to recover these files, including recommended tools?


    Thanks.

  • #2
    Restore from backup.
    If you give us an idea what OS the server is running, there may be some other suggestions, but ultimately they will boil down to restore from backup.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      The OS is Windows Server 2008. I don't have offline backup. My two servers are configured to do online backup through replication, so both are affected.



      • #4
        This is a graphic example of the difference between high availability and backup. You have HA, but it is NOT a backup!

        If you have shadow copies enabled, you may (depending on how long the infection has been in place) be able to restore an older - pre infected - version. If not your choices are to pay the Danegeld or to lose your data. Paying may get your data back, but when dealing with criminals, you have no guarantees of anything!

        You will be having an "interesting" conversation with management about this, after which you - or possibly your successor - will be asking for money to implement a proper offline backup solution, as well as better security to reduce the risk in future.

        Good Luck!
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **
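The shadow-copy check suggested in post #4, as an added example that is not part of the original thread: it estimates when encryption began from the earliest encrypted file and lists the shadow copies on that volume created before then. The path `D:\Shares` and the extension `.locked` are placeholders assumed for illustration; `Get-WmiObject` is used so the script runs on PowerShell 2.0.

```powershell
# Added example: find shadow copies that predate the first encrypted file.
# Assumptions (not from the thread): data lives under D:\Shares and encrypted
# files carry the placeholder extension ".locked".
param(
    [string]$SharePath          = 'D:\Shares',   # hypothetical data path
    [string]$EncryptedExtension = '.locked'      # placeholder; use the one observed
)

# The earliest write time among encrypted files approximates when encryption began.
$firstHit = Get-ChildItem -Path $SharePath -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -eq $EncryptedExtension } |
    Sort-Object LastWriteTime |
    Select-Object -First 1

if (-not $firstHit) {
    Write-Output "No files with extension $EncryptedExtension under $SharePath."
    return
}
$infectionStart = $firstHit.LastWriteTime
Write-Output "Earliest encrypted file: $($firstHit.FullName) at $infectionStart"

# Win32_ShadowCopy names volumes by GUID path, so map the drive root to it.
$drive  = [System.IO.Path]::GetPathRoot($SharePath)          # e.g. D:\
$volume = Get-WmiObject Win32_Volume | Where-Object { $_.Name -eq $drive }

# @() keeps the result an array even when there are zero or one shadow copies.
$copies = @(Get-WmiObject Win32_ShadowCopy |
    Where-Object { $volume -and $_.VolumeName -eq $volume.DeviceID } |
    ForEach-Object {
        New-Object PSObject -Property @{
            # InstallDate is a DMTF string under Get-WmiObject; convert it.
            Created = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate)
            Id      = $_.ID
            Device  = $_.DeviceObject
        }
    } | Sort-Object Created)

$usable = @($copies | Where-Object { $_.Created -lt $infectionStart })
if ($usable.Count -eq 0) {
    Write-Output "No shadow copy on $drive predates $infectionStart."
} else {
    Write-Output "Candidate pre-infection shadow copies on ${drive}:"
    $usable | Select-Object Created, Id, Device | Format-Table -AutoSize
}
```

File timestamps are only an estimate of when the infection started, so treat each listed snapshot as a candidate to inspect through the Previous Versions tab before restoring from it.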



        • #5
          You haven't mentioned if you have removed the infection yet as well as the file/email that some idiot opened to start this ball of fun.

          Run Malwarebytes on each infected machine. Better still, read this. If you can post what version of Ransomware, it may assist with removal instructions. Kaspersky can even recover the encrypted files of some versions of ransomware.

          Ransomware removal.

          Bitdefender Rescue CD. - There is a link on that page to download the Rescue CD.

          How to Use the BitDefender Rescue CD to Clean Your Infected PC (Thank you How-To Geek)

          You also don't mention what else is infected. Ransomware infects SHARES it can find on a network so you may have more than just the Servers infected.

          Provide more and detailed information and you will most likely be provided with more and detailed removal instructions. Unless the files can be decrypted then recovery is unlikely.
          1 1 was a racehorse.
          2 2 was 1 2.
          1 1 1 1 race 1 day,
          2 2 1 1 2



          • #6
            You can probably remove the ransomware but it's doubtful you can recover the files. If you don't have a clean backup of the data and the data is important/business critical then you may have to pay the ransom to get the decryption key.



            • #7
              Mostly only Word documents are infected. They are all encrypted. I will try to download the stuff.



              • #8
                Check out the resources available from Emsisoft. They have various decryptors available. If you have been hit with an older strain of ransomware they might have a decryptor for it.
                https://decrypter.emsisoft.com/
                A recent poll suggests that 6 out of 7 dwarfs are not happy



                • #9
                  I would suggest you have a look at this article, where they have mentioned some of the best techniques to resolve ransomware infection and also how to recover files.
                  So give it a read once.

                  [You are getting a TWO week ban for posting advertising links to a company you are associated with. If you wish to advertise your product on this forum then please contact the forum management about advertising rates. Thank you.]
                  Last edited by biggles77; 24th October 2017, 10:40. Reason: Remove advertising link.
