<div>
Thank you David, Gilnov, &amp;&nbsp;btan,<br />
<br />
I will perform a format &amp;&nbsp;system re-install as it appears to be &nbsp;unanimous.<br />
<br />
One last question moving forward - does password protecting backup images of the system and data partitions protect the image backups from malicious encryption by a ransomeware type virus?<br />
<br />
Thank you.
</div>


<div>
No, ransomware looks for the target document extension and encrypt it regardless the document is password protected or stay as is without any form of protection. As long as the ransomware can access and sight over those files or documents, they can start their encryption operation as programmed. So for instance in DMALocker, this ransomware encrypts almost all non-system and non-executable related files that it finds on the infected system. However, it will whitelist certain folders and extensions from being encrypted. E.g. <br />
<br />
Folder - \Windows\,\Program Files\,\Program Files (x86)\,Games,\Temp,\Sample<wbr /> Pictures,\Sample Music,\cache<br />
Extension - .exe,.msi,.dll,.pif,.scr,.<wbr />sys,.msp.c<wbr />om,.lnk,.h<wbr />ta,.cpl,.m<wbr />sc,.bat,.c<wbr />md<br />
<br />
Therefore, the existence of partition depends on how the ransomware logic runs to enumerate through the partitions (including ext USB etc), unmapped or mapped network drives. If it can reach them and it is not whitelisted, it will attempt to encrypt. However, it may be stopped if application whitelisting measures are put in place to even allow it to run or when running under a lower privileged account may hinder it to reach those files.
</div>


<div>
Thank you all for contributing.
</div>


<div>
<div class="content wysiwyg-content">
Greetings,<br />
I have a &nbsp;2008 R2 Server that got hit by DMA Locker which included the encryption of all the &nbsp;Server's data partition files AND the deletion of our system images on a connected USB drive. Since the USB drive looks to have ben &quot;wiped&quot; clean I am assuming it was &quot;wiped&quot; by the DMA Locker infection with a program placed maliciously on the Server called Eraser.exe that was not there last month.<br />
We are in the process of downloading 27GB's of MozyPro remotely backed up data and suspect all is good with that data since we can go back to file versions prior to the encryption date of this weekend.<br />
<br />
1. Should a virus removal / repair be attempted with virus detection / removal tools, &nbsp;or should this scenario be an automatic format/fresh re-install of Server 2008?<br />
&nbsp;2. Am I correct in assuming that even if the DMA Locker program can be completely removed/eradicated from the current system this will not decrypt our encrypted data?<br />
<br />
Thank you.
</div>
</div>


Greetings,
I have a  2008 R2 Server that got hit by DMA Locker which included the encryption of all the  Server's data partition files AND the deletion of our system images on a connected USB drive. Since the USB drive looks to have ben "wiped" clean I am assuming it was "wiped" by the DMA Locker infection with a program placed maliciously on the Server called Eraser.exe that was not there last month.
We are in the process of downloading 27GB's of MozyPro remotely backed up data and suspect all is good with that data since we can go back to file versions prior to the encryption date of this weekend.

1. Should a virus removal / repair be attempted with virus detection / removal tools,  or should this scenario be an automatic format/fresh re-install of Server 2008?
 2. Am I correct in assuming that even if the DMA Locker program can be completely removed/eradicated from the current system this will not decrypt our encrypted data?

Thank you.

DMA Locker ransomeware remove/repair attempt

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Anti-virus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious layered service providers (LSPs), dialers, fraud tools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity theft (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets and DDoS attacks.

Anti-Virus Apps

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.