asked on

New Server 2012 Essentials after mkgoro@india.com.Wallet ramson on old server

Hi, unfortunately our server was hacked and all files encrypted using mkgoro@india.com.wallet ransom. Thankfully we had a backup that's almost saved the day.

Pervious server was SBS2011 with office 365 exchange.

I have created a new server with server 2012 essentials, what should I do to protect from a further attack. I have not enabled VPN for the moment and have closed all ports on our router.

ASKER CERTIFIED SOLUTION

Dr. Klahn

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

Bryon H

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

David Logan

ASKER

Hi, I found an unknown user profile on the server that was not encrypted, all other files / system files on the server has been locked. My main focus was trying to retrieve files from shared folders / drives. Kasperskey offer a free tool for ransomware, is this any good?.

B H

Every ransomware infection is going to be a little different so we can't say for sure or not if there is a decryptor available. Being that this isn't the standard crypto wall you may be in luck if you have an encrypted version and a decrypted version of the same file there may be some utilities that can help. If you can find the right utility it can then go decrypt everything. Is there a pair of files that you are okay sharing the decrypted and the encrypted version of? For example a standard default picture included with every Windows installation

SOLUTION