Jump to content

Please help, I'm infected with ransomware


Recommended Posts

  • Root Admin

Hello @JayF22 and :welcome:

Please note that Malwarebytes 3 is for home users and not for business use. That said though I'll do my best to assist you.

What is this main purpose of this server? File Server, Web Server, Exchange, Etc?

How many workstations and or other servers are you running on the network?

What OS versions are involved?

Thank you

Ron

 

Link to post
Share on other sites

Hey, it's a file server.  Uses Windows server 2012. About 10 workstations.  From what I can tell none of them have been infected. They are running Windows 7.  I believe it's Ransomware because a ton of the files are renamed with text like, "files will be deleted within 24 hours if not paid"and text documents are in all folders directing payment in bit coin. I'll upload some files in a little bit with screenshots

Link to post
Share on other sites

  • Root Admin

Yeah, that's not good. Hopefully, you have a backup of your data and a good solid backup of the Server. Though it may be possible to clean the Server it is highly recommended that you don't try to clean it. Best advice for a Server is to remove all partitions, format the drives and reinstall Windows from backup. Then restore data from backups.

Please visit the following site to help ID which ransomware you got hit with to see if there is a decoder available or not. Some of the encryptions have tools to decrypt but many of the newer ones do not.

https://id-ransomware.malwarehunterteam.com/

Please let me know what you find and how else I can assist you.

Thank you

Ron

 

Link to post
Share on other sites

  • 1 month later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.