
Dot Ransom file extension?


  • Dot Ransom file extension?

    One of my clients has been hit with ransomware which has encrypted files and left them with a .ransom extension.
    It seems nastier than most in that it has deleted shadow copies and appears to have done things to the backup drives too.

    I haven't read the info files it has left, and haven't had any luck locating other instances of the same file extension.

    Has anyone met this one, or know what I should be googling for to find out more?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

  • #2
    It says Remove and possibly Restore files. But seems a bit gobbledygook to me. See if you can make sense of it. https://sensorstechforum.com/ransom-...restore-files/

    This seems clearer. https://www.bestsecuritysearch.com/r...emove-restore/

    May be an advert for the software or maybe not. http://www.freefixpcvirus.com/remove...your-computer/

    HTH
    Last edited by biggles77; 31st October 2017, 17:11.
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2



    • #3
      Cheers - much appreciated. I'm fighting this (at 200 miles range) while trying to train a group in SCCM and deal with the zillion and one other crises that seem to hit!
      Tom Jones


      • #4
        So, usual sort of day then.


        • #5
          The ransomware-hit server is OFF until the weekend. I thought I had cleaned it and left it overnight doing additional scans. In the morning the AV had disappeared and there was a suspicious account logged in...
          Tom Jones