ctupr
asked on
Server hack (ransom ware)
I have attached a photo of a server, is there a way to know which ransom ware it is infected with? And if someone knows a way to recover the server. Thanks.
server-hack.jpg
server-hack.jpg
ASKER
I have already tried that, the external backup HD and the internal HD's are not recognize in nay kid of PC (windows, mac and Linux) every time I put one of those in another PC I get the message to format the drive. This is similar to the Petya ransom ware in some ways but I cannot figure out which one it is. Still thanks for your comment.
Just start your RAID controller's utility and remove the disks from the array. Then create new arrays and restore your system from your backups. There is no point in trying to find out what has encrypted your system, you wouldn't be able to do anything about it when you knew that anyway.
ASKER
There are no backups, only backup was on the external drive which seems to be encrypted in a similar way. This is new client, they did not have any real IT assistance. Still if someone has seen this before and has been able to identify the name of the ransom ware it will be very helpful. Thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Well I will wait to see if anyone else has seen this before and has any solution. Thanks for your answers.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The petya app it's not able to see teh disk. Since there is no backup I'm still looking for anything that would help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The experts has suggested the solution and means since the HDD is encrypted as shared. Get the HDD decrypted then check further on the encrypted file using idransom or cyber sheriff.
Eventually recommendation if attempt is futile, continue to still establish clean machine and get data from backup as last resort.
Eventually recommendation if attempt is futile, continue to still establish clean machine and get data from backup as last resort.
Last resort, you can attached each hard drives on another computer equipped with Malware Bytes then scan each one. Let MB detect and fix the problem. Of course it goes without saying that you do this on a test machine so you won't have to worry about the malware spreading.