Jump to content

Hit despite Premium account

Recommended Posts

Not sure if this is the appropriate forum but as close as I could find. My Windows 2012 server was taken out by ransomware despite having a Malwarebytes Premium account as well as Symantec Endpoint protection. Three hard drives full of data completely trashed. I cannot understand how this could happen? 

As a clue - I was informed of Windows Updates in the usual way, and I downloaded and installed them. I was told the PC needed to be restarted but I could not do this immediately as users were working so I left it in this state for about five hours. When I did restart, the system was trashed.

I am wondering whether I was somehow duped into installing false Windows updates or if the delay between installing and restarting had anything to do with it?

Would appreciate feedback as this is extremely concerning.

Link to post
Share on other sites

  • Root Admin

Hello @Beeeater and :welcome:

Very sorry for the delay as I was out on vacation and many of the other helpers here don't perform Server support.

After the fact is very difficult to tell how it happened without potentially having imaged the server to do forensic analysis. Typically forensic analysis is very costly or used in criminal cases. If the server is still running (not advisable) you could potentially review Event Logs and other logs to see if something is found. In the case of a server, once it has been attacked at that level it's highly recommended to clear partitions and reinstall and update the server. Then restore the data from backups. Not having backups is and always has been a recipe for disaster for any business. If there is something else I can assist you with please let me know.

As a side note, neither Symantec Premium or Malwarebytes Premium are designed to support and protect a server. Both companies have other products designed for Server support.

Thank you



Edited by AdvancedSetup
Updated information
Link to post
Share on other sites

  • 3 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.