I have Windows Server 2012 R2, working as a DC in a small business. I have few shared folder in it…
The server was hit by a ransomware that changed all its files to RAR executable files adding to their names the way of paying the ransom.
Fortunately, all my files are backed up, I have no worries about them, but I want to be able to access my server again, to clean it!
My issue is that I am not able to boot the server to its GUI, I tried to do that locally, after the loading screen finished, all I see is a black screen without even a mouse cursor.
When I tried to access it remotely, it is not allowing me giving the message that it is either off or not connected to the network.
Although I am able to check the files and folders which was shared, but I am not able to access it and work on its GUI. I believe it is the Ransomware blocking me from doing so.
I did some researches and found out that this ransomware usually uses the RDP port to access the server.
I tried to boot the server on the Windows installation to repair it, but none of the solution has worked (Reset PC, repair startup, restore point… all failed).
Anybody faced this issue? … Any suggested solution?
Thanks and regards.
You must be logged in to reply to this topic.
Create a free account today to participate in forum conversations, comment on posts and more.