asked on
AES-NI ransomware on windows server 2008
Does someone have any experience with AES-NI ransomware on windows server 2008?
What is the best way to fix it?
(I have online backup)
What is the best way to fix it?
(I have online backup)
Windows Server 2008* malwareSecurity
Last Comment
Alan Vace
Go to http://idransomware.malwarehunterteam.com and upload a copy of one encrypted file and/or the ransom note file. If there's currently a known decrypt app, that will tell you where to get it. If there's no decrypt app, you'll have to restore your files from backup.
ASKER
link not working.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I'm trying to remove with spy hunter everything crashes it's on the DC.
What can I do?
What can I do?
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I'm trying to sfc command.
I think it only encrypt the data files not the AD and everything.
Do I need really to re-install everything?
I think it only encrypt the data files not the AD and everything.
Do I need really to re-install everything?
I guess you could try malwarebytes and see if it kills the encryptor. Then do some extensive testing to see if your forest is corrupted...
It is very poor practice to try and clean a critical server like that, but you can try...
How can you be sure it didn't add other malware?
It probably at a minimum killed your sysvol and group policies.
So was this just a domain controller or were you doing other things with it too?
It is very poor practice to try and clean a critical server like that, but you can try...
How can you be sure it didn't add other malware?
It probably at a minimum killed your sysvol and group policies.
So was this just a domain controller or were you doing other things with it too?
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
I know my system has 4 domain controllers, across 2 main sites and 4 satellites. None of the domain controllers do anything else, and 2 are virtualized. They DO NOT talk to the outside world except the primary which can reach outside to keep the clock synced. And they are all backed up daily. They don't even get updates from outside, but from an internal WSUS server.
AD is a very critical element and once it breaks bad, you have to start over without good backups.
I also agree with the virtualization recommendation... It is a bit expensive to dedicate a server to just a domain controller, but a virtual server is fairly cheap to do... You can host several virts on a reasonable chassis...
AD is a very critical element and once it breaks bad, you have to start over without good backups.
I also agree with the virtualization recommendation... It is a bit expensive to dedicate a server to just a domain controller, but a virtual server is fairly cheap to do... You can host several virts on a reasonable chassis...
Sufficient advice given
I had problems with this ransomware, and I managed to recover some files with a help of ShadowExplorer and this guide. But all recovered files are very old :(