One of my clients has been hit with ransomware which has encrypted files and left them with a .ransom extension.
It seems nastier than most in that it has deleted shadow copies and appears to have done things to the backup drives too.
I haven’t read the info files it has left, and haven’t had any luck locating other instances of the same file extension.
Has anyone met this one, or know what I should be googling for to find out more?
The ransomware-hit server is OFF until the weekend. I thought I had cleaned it and left it overnight doing additional scans. In the morning the AV had disappeared and there was a suspicious account logged in…