Donny Posted April 17, 2016 ID:1034612

Hi, I have just been hit by .locky ransomware on Server 2008 R2. How can I revert back my files, as it has also affected my backups and they are demanding a lot of money?

Maurice Naggar Posted April 17, 2016 ID:1034620

Hello Donny.

I am sorry that your PC ran into a Locky ransomware. No one single program would have given the machine bullet-proof immunity.

How it got this ransomware is not knowable. It may have been from malvertising on some website. Or it may have been some *attachment that was opened*, such as from an email.

IF you have prior offline backups of your system, that would be the best to get back any corrupted (encrypted) documents and files.

In any event, copy off those of your user documents that are now “changed” with those “odd extensions” onto some large USB drive as sort of future insurance against the day when someone, somewhere may come up with a decrypter utility.

If your computer is on a network, physically disconnect it from the network.

We can remove the infection but can't cure or resurrect the corrupted / encrypted documents & files.

Do you have a very recent backup of this system on external or offline discs?

There is no decrypter to undo the damaged documents.

“Locky” ransomware: What you need to know
https://nakedsecurity.sophos.com/2016/02/17/locky-ransomware-what-you-need-to-know/
Check out the 6 tips listed under "What to do" for future prevention.

Here Comes Locky, A Brand New Ransomware Threat
http://www.darkreading.com/vulnerabilities---threats/advanced-threats/here-comes-locky-a-brand-new-ransomware-threat/d/d-id/1324371

https://threatpost.com/locky-ransomware-borrows-tricks-from-dridex/116304/

Our Premium Malwarebytes Anti-Exploit would have stopped the Locky, but it would have required that program to be previously installed and in place.