Quote:
Originally Posted by silverdoctor
These encryption viruses are getting insane.
Back up your computers by hook or by crook because it's likely the only way you're going to recover. Had a company call me this morning, their server got hit directly by an employee logged on remotely - which means everything useful on the server - including the attached current backup drive is encrypted. It's going to be a long night recovering from the old backup from 2 weeks previous.
Windows has a backup utility, and there is a plethora of freebies online. Copy and paste if you have to. Just don't leave the hard drive plugged in at all times.
If you get an encryption virus, and it does it's deed - you may as well grab a beer and cry about it. Good verified backups are your only guaranteed way out.
|
I see these virus' a lot at work also. Check and see if the shadow recovery is enabled. Every server I have ever setup has this enabled. Luckily I have yet to see a crypto virus that can damage that.
Download (if you haven't tried already) shadow explorer from
www.shadowexplorer.com. It can save you hours and hours.
I can't count how many times this program has saved us for our customers who have gotten crypto'd.
After the server has been redone, I would suggest running cryptoprevent (
https://www.fooli****.com/cryptoprev...re-prevention/), to help curb this in the future. Best of luck to you!!