netcomp
asked on
We got ransomware on the server fileserver 2012
This morning, the users reported that when they click on the files on the network drives, they are getting the ransomware dialog box that tells them they have 72 hours to pay. I have a backup of the server drives, but how do I clean this up, and how do I find out whose computer on the network got this to begin with, so that even if I restore, this does not happen again? Should I run Malwarebytes on the server?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry, one more thing. How do I find the bad computer? Do I need to scan all of them, or are there other signs I can look for?
You either need a centralized AV application with a management suite or else you need users to scan - something like that.
ASKER
Thank you all for your comments. First, I looked at the Help Decryption you File that the virus leaves in each folder. I right-clicked the file and found out who the owner was, and from there I knew which user's computer was the problem. There was no way of scanning all the computers, and I am not sure our managed AV would have found it. The client computer itself did not have any files locked. From the timestamp on the file on the server, I could tell that all this had happened around 4:00 PM last night. I ended up restoring using shadow copies. What was interesting was that not all the folders within the network drive were affected. Apparently, it had only gotten to some folders. I guess it did not have enough time.
Thank you for all the help again,
It can only encrypt folders the user has access to.
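The owner check the asker describes above, run across the whole share instead of by right-clicking one file, with the note timestamps summarised to bound when the encryption ran. This is an added example, not code from the thread; the path `D:\Shares` and the pattern `*DECRYPT*` are placeholders to replace with the real data path and the actual ransom note file name.

```powershell
# Added example: attribute ransom notes on a file share to the account that wrote them.
# Assumed values (not from the thread): the share path and the note name pattern.
function Get-RansomNoteOwner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ShareRoot,    # local path of the shared data
        [Parameter(Mandatory)] [string] $NotePattern   # wildcard matching the ransom note file name
    )
    Get-ChildItem -LiteralPath $ShareRoot -Recurse -File -Filter $NotePattern -ErrorAction SilentlyContinue |
        ForEach-Object {
            # NTFS records the account that created the file as its owner.
            $owner = try { (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner }
                     catch { '<unreadable>' }
            [pscustomobject]@{
                Owner   = $owner
                Folder  = $_.DirectoryName
                Created = $_.CreationTime
            }
        }
}

function Get-RansomNoteSummary {
    param([Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Notes)
    # One row per owner: how many notes, how many folders, and the time window.
    $Notes | Group-Object Owner | ForEach-Object {
        $times = @($_.Group.Created | Sort-Object)
        [pscustomobject]@{
            Owner     = $_.Name
            Notes     = $_.Count
            Folders   = @($_.Group.Folder | Sort-Object -Unique).Count
            FirstSeen = $times[0]
            LastSeen  = $times[-1]
        }
    } | Sort-Object Notes -Descending
}

# Run on the file server itself, from an elevated session so every folder is readable.
$notes = @(Get-RansomNoteOwner -ShareRoot 'D:\Shares' -NotePattern '*DECRYPT*')
Get-RansomNoteSummary -Notes $notes | Format-Table -AutoSize

# An owner of BUILTIN\Administrators means the writing account was an administrator,
# so the owner field alone does not single out one user in that case.
```

The `Folders` column also shows how far the encryption got, which matches the point above that it can only reach folders the user has access to.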