Jump to content

RansomWare disk encryption


Recommended Posts

a customer who has OS Windows server 2012 R2 and was running Malwarebytes Premium and Clamwin antivirus had this come up this morning when they turned on the server.  They have several computers that connect by RDP.  Within last several days several of the RDP clients could not log in and at least one was removed while others had been disabled in server user section.  I was able to enable and add one user back and was running a MB scan when the system shut down and this happened.

any ideas of how to remove?  there is a separate disk that contains the data files



Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Hello @AceVA

Very sorry for the delay. It looks like your topic was overlooked. In the future please send me or one of the Techbench admins a private message if no one has replied within 24 hours to one of your posts. 

This is the Mamba (HDDCryptor) infection and there is no known way to decrypt that I'm aware of. You can remove the hard drive and set it aside in the hopes that a decryptor may be found at some time in the future and put in a new hard drive and install Windows. Otherwise, I'd recommend that you remove all partitions and then reinstall Windows. Then work with your client on both active protection as well as a valid backup solution that does not stay connected.

As a side note, Malwarebytes Premium is not supported on any Server OS.

Here is a link with a little more information for you.


Thank you and if there is something else I can assist you with please let me know.



Edited by AdvancedSetup
Updated information
Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.