How to recover from ransomware infection


This topic contains 11 replies, has 7 voices, and was last updated by  toandxpc3 5 months, 3 weeks ago.


  • hardsoft
    Member
    #167067

    I have a file server that is infected with ransomware; the entire system is encrypted with ransomware. What is the best way to recover these files, including recommended tools?

    Thanks.


    Ossian
    Moderator
    #191701

    Restore from backup.
    If you give us an idea what OS the server is running, there may be some other suggestions, but ultimately they will boil down to restore from backup.


    toandxpc3
    Member
    #391611

    The OS is Windows Server 2008. I don't have an offline backup. My two servers are configured to do online backup through replication, so both are affected.


    Ossian
    Moderator
    #191704

    This is a graphic example of the difference between high availability and backup. You have HA, but it is NOT a backup!

    If you have shadow copies enabled, you may (depending on how long the infection has been in place) be able to restore an older – pre-infected – version. If not, your choices are to pay the Danegeld or to lose your data. Paying may get your data back, but when dealing with criminals, you have no guarantees of anything!

    You will be having an “interesting” conversation with management about this, after which you – or possibly your successor – will be asking for money to implement a proper offline backup solution, as well as better security to reduce the risk in future.

    Good Luck!


    biggles77
    Spectator
    #214186

    You haven’t mentioned if you have removed the infection yet as well as the file/email that some idiot opened to start this ball of fun.

    Run Malwarebytes on each infected machine. Better still, read this. If you can post what version of Ransomware, it may assist with removal instructions. Kaspersky can even recover the encrypted files of some versions of ransomware.

    Ransomware removal.

    Bitdefender Rescue CD. – There is a link on that page to download the Rescue CD.

    How to Use the BitDefender Rescue CD to Clean Your Infected PC (Thank you How-To Geek)

    You also don’t mention what else is infected. Ransomware infects SHARES it can find on a network so you may have more than just the Servers infected.

    Provide more and detailed information and you will most likely be provided with more and detailed removal instructions. Unless the files can be decrypted then recovery is unlikely.


    joeqwerty
    Moderator
    #304603

    You can probably remove the ransomware but it’s doubtful you can recover the files. If you don’t have a clean backup of the data and the data is important/business critical then you may have to pay the ransom to get the decryption key.


    toandxpc3
    Member
    #391614

    Mostly only Word documents are infected. They are all encrypted. I will try to download the stuff.

    Blood
    Moderator
    #337298

    Check out the resources available from Emsisoft. They have various decryptors available. If you have been hit with an older strain of ransomware they might have a decryptor for it.
    https://decrypter.emsisoft.com/


    losiabaar
    Member
    #360825

    We have the same problem. If you have fixed it, please share!!


    losiabaar
    Member
    #360826

    We are a secondary school and have been hit with the virus “[email protected]” and we can't find a way to decrypt the children’s files. Any help is welcome!


    Ossian
    Moderator
    #192030

    Restore from Backup (after cleaning and, if necessary, rebuilding the infected computers).

    Blood
    Moderator
    #337392

    It does not look good. Take a look at this ESET forum post from a couple of days ago: https://forum.eset.com/topic/15905-d…om-ransomware/

    As Ossian says, and this goes for all infections, the safest way out is to rebuild the systems and restore from backup.
