<div>
Is this cryptolocker <br />
If so visit &nbsp;<a href="http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information" rel="ugc">http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information</a>
</div>


<div>
Thanks<br />
It look similar<br />
will check all PC's tomorrow morning
</div>


<div>
Beware that the later versions can disable your shadow copies<br />
This will leave you no way but to restore from backup or pay the ransom ( not guarantee or recommended)<br />
<br />
Depending on your file sizes it may be useful to &quot;restore from previous versions&quot; using you shadowcopies &nbsp;all critical data now to an alternative location Then take it offline <br />
this should give you a safety backup if all else fails <br />
<br />
I dealt with a case of this on two occasions <br />
The entry point was a user opening an innocent looking .zip file &nbsp;in an email attachment<br />
So the infection will probably be on a workstation not the server itself<br />
<br />
Good luck <br />
keep us posted
</div>


<div>
After disconnecting all PC from the Network<br />
managed to recover all files from a few days earlier with previous versions off the server<br />
I couldn't find any with Cryptolocker files on any PC's<br />
in apps local or registry run <br />
I did a system restore on all in case due to time issues (unplugged didn't loose trust)<br />
All running fine for last couple of days<br />
<br />
PS Couldn't find any email attachments either in the time period
</div>


<div>
I would now scan all the pc ' s and servers with malwarebytes as a check and prevent reinfection (you can get the free version from the bleeping computers site)<br />
<br />
Is it possible a pc or perhaps a laptop user (not presently on the network) has been missed?
</div>


<div>
<a href="http://www.bleepingcomputer.com/virus-removal/cryptorbit-ransomware-information" rel="ugc">http://www.bleepingcomputer.com/virus-removal/cryptorbit-ransomware-information</a><br />
<br />
Above link not working <br />
Try this instead
</div>


<div>
That link didn't work but this does<br />
<br />
<a href="http://www.bleepingcomputer.com/virus-removal/cryptorbit-ransomware-information" rel="ugc">http://www.bleepingcomputer.com/virus-removal/cryptorbit-ransomware-information</a><br />
&amp;&nbsp;yes this look like it , all PC's were scanned with Malware Bytes &nbsp;All Clean<br />
<br />
Will keep checking <br />
Thanks for your help
</div>


<div>
<div class="content wysiwyg-content">
Hi I have a real-estate company &nbsp;that has just had a ransom ware attack<br />
this file on shared folders on the server<br />
<br />
&quot;All files including videos, photos and documents on your computer are encrypted.<br />
<br />
In order to decrypt the files, open site 4sfxctgp53imlvzk.onion&quot;<br />
<br />
I can access files using previous versions without issue (lucky) sbs2011<br />
question there running AVG Business on the server &amp;&nbsp;workstation<br />
is this program likely running on a PC that's doing this (how to locate?)<br />
<br />
I'm hoping not to have to reload the server , but may have reload all workstations<br />
or could I get away with a system restore?
</div>
</div>


Hi I have a real-estate company  that has just had a ransom ware attack
this file on shared folders on the server

"All files including videos, photos and documents on your computer are encrypted.

In order to decrypt the files, open site 4sfxctgp53imlvzk.onion"

I can access files using previous versions without issue (lucky) sbs2011
question there running AVG Business on the server & workstation
is this program likely running on a PC that's doing this (how to locate?)

I'm hoping not to have to reload the server , but may have reload all workstations
or could I get away with a system restore?

Ransom Ware

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.