hardsoft (Member), June 15, 2017 at 1:23 pm #167067
I have a file server that is infected with ransomware; the entire system is encrypted with ransomware. What is the best way to recover these files, including recommended tools?
Thanks.
June 15, 2017 at 1:55 pm #191701
Restore from backup.
If you give us an idea what OS the server is running, there may be some other suggestions, but ultimately they will boil down to restore from backup.
toandxpc3 (Member), June 15, 2017 at 10:23 pm #391611
The OS is Windows Server 2008. I don't have an offline backup. My two servers are configured to do online backup through replication, so both are affected.
June 16, 2017 at 12:50 am #191704
This is a graphic example of the difference between high availability and backup. You have HA, but it is NOT a backup!
If you have shadow copies enabled, you may (depending on how long the infection has been in place) be able to restore an older – pre infected – version. If not your choices are to pay the Danegeld or to lose your data. Paying may get your data back, but when dealing with criminals, you have no guarantees of anything!
You will be having an “interesting” conversation with management about this, after which you – or possibly your successor – will be asking for money to implement a proper offline backup solution, as well as better security to reduce the risk in future.
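A way to check for the shadow copies mentioned in the post above, as an added example that is not part of the original thread: it lists the snapshots on the server and exposes the newest one taken before the suspected infection as a browsable folder. The cutoff time and the `C:\ShadowView` path are assumptions made for illustration, and the script assumes an elevated PowerShell session.

```powershell
# Assumption: encryption is believed to have started at this time (constructed value).
$infectedSince = Get-Date '2017-06-14 09:00'
# Assumption: a folder path that does not exist yet, used as a view into the snapshot.
$mountPoint = 'C:\ShadowView'

# List every shadow copy on the machine with its creation time (works on PowerShell 2.0).
$copies = Get-WmiObject -Class Win32_ShadowCopy | ForEach-Object {
    New-Object PSObject -Property @{
        Id           = $_.ID
        Created      = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate)
        Volume       = $_.VolumeName
        DeviceObject = $_.DeviceObject
    }
} | Sort-Object Created

$copies | Format-Table Created, Volume, Id -AutoSize

# Keep only snapshots taken before the suspected infection and pick the newest one.
$candidate = $copies | Where-Object { $_.Created -lt $infectedSince } | Select-Object -Last 1

if (-not $candidate) {
    Write-Warning 'No shadow copy predates the suspected infection time.'
} elseif (Test-Path $mountPoint) {
    Write-Warning "$mountPoint already exists; choose another path."
} else {
    # Expose the snapshot as a directory link; the trailing backslash is required.
    cmd /c mklink /d $mountPoint "$($candidate.DeviceObject)\"
    Write-Host "Snapshot from $($candidate.Created) is browsable at $mountPoint"
    Write-Host "Copy files out to clean media, then remove the link with: rmdir $mountPoint"
}
```

An empty list means shadow copies were never enabled on that volume or no longer exist, in which case this route is closed.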
biggles77 (Spectator), June 16, 2017 at 9:01 am #214186
You haven’t mentioned if you have removed the infection yet as well as the file/email that some idiot opened to start this ball of fun.
Run Malwarebytes on each infected machine. Better still, read this. If you can post what version of Ransomware, it may assist with removal instructions. Kaspersky can even recover the encrypted files of some versions of ransomware.
Bitdefender Rescue CD. – There is a link on that page to download the Rescue CD.
You also don’t mention what else is infected. Ransomware infects SHARES it can find on a network so you may have more than just the Servers infected.
Provide more and detailed information and you will most likely be provided with more and detailed removal instructions. Unless the files can be decrypted then recovery is unlikely.
joeqwerty (Moderator), June 16, 2017 at 12:34 pm #304603
You can probably remove the ransomware but it’s doubtful you can recover the files. If you don’t have a clean backup of the data and the data is important/business critical then you may have to pay the ransom to get the decryption key.
toandxpc3 (Member), June 17, 2017 at 5:23 pm #391614
Mostly only Word documents are infected. They are all encrypted. I will try to download the stuff.
losiabaar (Member), June 27, 2018 at 7:06 am #360825
We have the same problem. If you have fixed it, please share!!
losiabaar (Member), June 27, 2018 at 1:44 pm #192030
Restore from Backup (after cleaning and, if necessary, rebuilding the infected computers).