Does anyone have any experience with AES-NI ransomware on Windows Server 2008?
What is the best way to fix it?
(I have online backup)
Last Comment
Alan Vace
8/22/2022 - Mon
Adam Brown
Go to http://idransomware.malwarehunterteam.com and upload a copy of one encrypted file and/or the ransom note file. If there's currently a known decrypt app, that will tell you where to get it. If there's no decrypt app, you'll have to restore your files from backup.
I know my system has 4 domain controllers, across 2 main sites and 4 satellites. None of the domain controllers do anything else, and 2 are virtualized. They DO NOT talk to the outside world, except the primary, which can reach outside to keep the clock synced. And they are all backed up daily. They don't even get updates from outside, but from an internal WSUS server.
AD is a very critical element and once it breaks bad, you have to start over without good backups.
I also agree with the virtualization recommendation... It is a bit expensive to dedicate a server to just a domain controller, but a virtual server is fairly cheap to do... You can host several virts on a reasonable chassis...
I had problems with this ransomware, and I managed to recover some files with the help of ShadowExplorer and this guide. But all recovered files are very old :(