kcassone (United States of America) asked:

lol ransomware

Just found files on my Servers with a .lol extension and did some research online, but I need help from you experts who have actually lived through this disaster.

How did you actually get rid of it? When I scan with Sophos it shows a psexec hacking tool and the path where it is located, but the file does not exist. Also, Malwarebytes does not find anything on the Servers with the infections.

Once it is removed, has anyone had success in getting back the files, or do I have to restore from Backups?

Thanks for your help!
SOLUTION by rindi (Switzerland):

This solution is only available to members.
kcassone (ASKER):

So is there any way to decrypt those files from the Ransomware, or do we have to restore?

I know it sounds like a crazy question, but has anyone paid to get the decryption from the Ransomware? I know it's crazy and I can't even believe I am asking the question.

Thanks
Never ever pay the Ransom, just do a restore from the backups. Paying the ransom would only help the criminals to fund the development of ever more sophisticated viruses and give them the possibility to harm more people. Besides, they don't always send you the decryption key after the money got paid.
Some have tried to pay the ransom. Others recommend against it since it is supporting organized crime. If you have backups it may be better to evaluate how much data you have really lost before looking at the other options.
Yes, I know it was a stupid question, but we are so worried about not finding the point of infection and it all coming back again.
SOLUTION
This solution is only available to members.
See if you have "Previous Versions" and restore those to removable media.
You can do a Microsoft Malicious Software Tool scan, which scans for CryptoLockers/Angler exploits and removes them, but it cannot un-encrypt data.
So restoring to removable storage, then formatting and re-installing the PC, is the best way.
I know of people paying the ransom via the onion network using bitcoin, only to never ever hear anything again. So besides losing all their data, they paid money and lost that too.

Some more info is provided here by Microsoft.
Ok, we were able to restore the Servers and scanned all Servers with our Sophos antivirus software as well as Malwarebytes, but did not find anything.

I am not comfortable that it is not still lurking.
I am starting to scan all servers with Maclean's suggestion, the Microsoft malicious software tool scan.

Any additional suggestions of programs to use that are known for this kind of issue?

Thanks in advance
ASKER CERTIFIED SOLUTION
This solution is only available to members.
So we do have one Remote Desktop server on the network that users remote into after connecting to the VPN.
There are 3 users.
Then you have to check that server, and all the PCs on your network.
Yes, anywhere that someone may have been able to connect to the internet. Plus, if you have anywhere that files are stored, check there as well, since some of these malwares try to write to file shares as well as local files.
Yes, that has all been done, but I'm just a little nervous because we didn't find anything of substance that points to ransomware, and I was wondering if anyone had any other suggestions for additional steps to check or another program that might do a deeper scan.
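A PowerShell inventory that can be run on each server to find the .lol files on local disks and file shares and show which account wrote them first, which is the quickest pointer to the session that ran the malware. This is an added example, not code from the thread; the locations in $Paths are assumptions to be replaced with your own shares.

```powershell
# Added triage example (not from the thread). $Paths is an assumption:
# replace with the local data folders and UNC shares on your own servers.
$Paths = @('D:\Shares', '\\FILESERVER01\Data')

# Collect every file with the .lol extension, with its owner and write time.
$hits = @(foreach ($p in $Paths) {
    if (-not (Test-Path -LiteralPath $p)) { continue }
    Get-ChildItem -LiteralPath $p -Recurse -File -Filter '*.lol' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $owner = try { (Get-Acl -LiteralPath $_.FullName).Owner } catch { 'unknown' }
            [pscustomobject]@{
                Path    = $_.FullName
                Owner   = $owner
                Written = $_.LastWriteTime
            }
        }
})

if ($hits.Count -eq 0) { Write-Host 'No .lol files found under the listed paths.'; return }

# Group by owner: the account that owns the earliest-written encrypted files
# is usually the user session the ransomware ran under, and the first write
# time bounds when the infection started (useful for picking a clean backup).
$hits | Group-Object Owner | ForEach-Object {
    $sorted = $_.Group | Sort-Object Written
    [pscustomobject]@{
        Owner      = $_.Name
        Files      = $_.Count
        FirstWrite = $sorted[0].Written
        LastWrite  = $sorted[-1].Written
    }
} | Sort-Object FirstWrite | Format-Table -AutoSize

# Keep a manifest of every affected path for the restore-from-backup step.
$hits | Sort-Object Written | Export-Csv -NoTypeInformation -Path "$env:TEMP\lol-files.csv"
```

Run it as an account with read access to the shares; the CSV in %TEMP% lists which files need to be restored.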
Thanks
For peace of mind, take every PC off the LAN and re-image it.
Every comment was a help!