DMA Locker ransomware remove/repair attempt

Asked by COM1 (United States of America)
Topics: Security, Anti-Virus Apps, Windows Server 2008
I have a 2008 R2 Server that got hit by DMA Locker, which included the encryption of all the Server's data partition files AND the deletion of our system images on a connected USB drive. Since the USB drive looks to have been "wiped" clean, I am assuming it was "wiped" by the DMA Locker infection with a program placed maliciously on the Server called Eraser.exe that was not there last month.
We are in the process of downloading 27 GB of MozyPro remotely backed up data and suspect all is good with that data since we can go back to file versions prior to the encryption date of this weekend.

1. Should a virus removal / repair be attempted with virus detection / removal tools, or should this scenario be an automatic format/fresh re-install of Server 2008?
2. Am I correct in assuming that even if the DMA Locker program can be completely removed/eradicated from the current system, this will not decrypt our encrypted data?

Thank you.