Mark Warren asked:

How do I decrypt files with *.rapid extensions on Windows Server 2008 R2?

A Windows Server 2008 R2 installation has been infected with a Trojan horse that has encrypted files with the *.rapid extension. The server had Avast for Business installed. An AVG rescue CD was made and run multiple times to eliminate instances of the Trojan horse. After four times, the server is labeled clean by the AVG rescue CD. I then uploaded two *.rapid files to nomoreransom.org and it came back saying that there was no fix for this. Does anybody know of trusted decryption software that can correct this problem? I can attach a file if requested.
Lee W, MVP

Use your backups. Some ransomware hasn't been cracked yet. That is why security is so important and backups are so important.
Mark Warren (ASKER)

I have been.  Just looking for a way to not have to redo a server by finding a tool.
ASKER CERTIFIED SOLUTION
masnrock

This solution is only available to members.

memewarren, I wanted to add some info to this post that might be helpful.

1. 99% of ransomware variants DO NOT have a decryptor.
2. Most ransomware variants delete system restore points and volume shadow copies.
3. Backup jobs can fail or may not be good if you do not regularly test those backups.

Backups are necessary but not the ultimate solution, and this is why.

Your server was just infected with ransomware.
1. Now your employees are kicked out of their management system and data on the server shares is corrupt and unreadable, meaning your employees cannot do their job, so productivity has dropped to zero.
2. Customers are walking through the door and cannot be serviced resulting in a loss of reputation.
3. Your employees are getting paid but not being productive resulting in a loss of revenue.
4. File restores can take hours or days and every hour lost is more revenue lost for the company.
5. The cost to clean up the ransomware attack can be thousands to tens of thousands of dollars.

When you actually look at the total cost of the downtime created during a ransomware attack, you start to see how costly relying solely on backups can be to an organization.

My Suggestion:
1. Close unused ports
2. Educate employees about Social Engineering and phishing attacks
3. Verify you have a good backup system and those backups are current.
4. PATCH, PATCH, PATCH your systems to reduce vulnerabilities.
5. Install Proactive Ransomware Detection software that detects and stops ransomware that bypasses your traditional defenses. CryptoStopper is a great product that will detect and stop any and all ransomware attacks that bypass traditional defenses like your firewall, AV, and employees.

Lots of good info about CryptoStopper here including links to download.
https://www.watchpointdata.com/cryptostopper/
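
To scope a restore like the one discussed in this thread, the script below (an added example, not code from any poster or from Experts Exchange) walks a share, finds every *.rapid file, and checks whether a mirrored backup tree holds a usable original. It assumes the ransomware appended `.rapid` to the original file name and that the backup tree mirrors the share layout; `restore_plan` and `summarize` are hypothetical names.

```python
import os
import sys
from collections import Counter

ENCRYPTED_SUFFIX = ".rapid"  # extension named in the question


def restore_plan(share_root, backup_root):
    """Map each *.rapid file under share_root to the state of its backup copy.

    Assumptions (not from the thread): ".rapid" was appended to the original
    name, and backup_root mirrors the directory layout of share_root.
    """
    plan = []
    for dirpath, _dirs, files in os.walk(share_root):
        for name in files:
            if not name.lower().endswith(ENCRYPTED_SUFFIX):
                continue  # untouched file, nothing to restore
            encrypted_rel = os.path.relpath(os.path.join(dirpath, name), share_root)
            original_rel = encrypted_rel[:-len(ENCRYPTED_SUFFIX)]
            backup_copy = os.path.join(backup_root, original_rel)
            if os.path.isfile(backup_copy):
                # A zero-byte copy may be a failed job or a genuinely empty file.
                ok = os.path.getsize(backup_copy) > 0
                status = "RESTORABLE" if ok else "EMPTY_BACKUP"
            elif os.path.isfile(os.path.join(backup_root, encrypted_rel)):
                # The backup job ran after infection and captured ciphertext.
                status = "BACKUP_ENCRYPTED"
            else:
                status = "NO_BACKUP"
            plan.append({"original": original_rel, "status": status})
    return sorted(plan, key=lambda row: row["original"])


def summarize(plan):
    """Count files per status so gaps in backup coverage stand out."""
    return dict(Counter(row["status"] for row in plan))


if __name__ == "__main__":
    # Usage: python rapid_plan.py <share_root> <backup_root>
    rows = restore_plan(sys.argv[1], sys.argv[2])
    for row in rows:
        if row["status"] != "RESTORABLE":
            print(row["status"], row["original"])
    print(summarize(rows))
```

Run it from a clean machine against a read-only mount of the share and a test restore of the backup set, not on the infected server itself.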