How do I decrypt files with *.rapid extensions on Windows Server 2008 R2?

A Windows Server 2008 R2 installation has been infected with a Trojan horse that has encrypted files with the *.rapid extension.  The server had Avast for Business installed.  An AVG rescue CD was made and ran multiple times to eliminate instances of the Trojan horse.  After four times, the server is labeled clean from the AVG rescue CD.  I then uploaded two *.rapid files to and it came back saying that there was no fix for this.  Does anybody know of a trusted decryption software that can correct this problem?  I can attach a file if requested.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Lee W, MVPTechnology and Business Process AdvisorCommented:
Use your backups.  Some ransomware hasn't been cracked yet.  Why security is so important and backups are so important.
memewarrenAuthor Commented:
I have been.  Just looking for a way to not have to redo a server by finding a tool.
Here's a list of some decryptor:
Trend Micro File Decryptor
Kaspersky decrpytors
AVG Ransomware Decryptor tools

However, I believe that you're still shot in the foot. There is no known tool for it as of yet, but you can try the tools provided (by no means an exhaustive list). Do you have backups of the server itself, in additional to the data?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SolarWinds® Network Configuration Manager (NCM)

SolarWinds® Network Configuration Manager brings structure and peace of mind to configuration management. Bulk config deployment, automatic backups, change detection, vulnerability assessments, and config change templates reduce the time needed for repetitive tasks.

Scott SilvaNetwork AdministratorCommented:
You can try this site with a sample file and see what it says.
btanExec ConsultantCommented:
So far there is no known decryptor for the .rapid files which is likely due to Rapid Ransomware infection.

Recovery from backup data is still the sure and reliable way, assuming you have been maintaining the backup copy.

You can try to use data recovery software to revive lost data. But most Ransomware always clear the original files, restore points, and shadow copies. It is not a guarantee for data restoration, but if really needed then it may still be worth giving a try.  Run 'Recuva', or check for previous versions are copies of files and folders made by Windows Backup (if Windows Backup option is turned on) or copies of files and folders created by System Restore. Lastly, run " Shadow Explorer"
Axis52401Security AnalystCommented:
memewarren, I wanted to add some info to this post that might be helpful.

1. 99% of ransomware variants DO NOT have a decryptor.
2. Most ransomware variants delete system restore points and volume shadow copies.
3. Backup jobs can fail or may not be good if you do not regularly test those backups.

Backups are necessary but not the ultimate solution and this why.

Your server was just infected with ransomware.
1. Now your employees are kicked out of their management system and data on the server shares is corrupt and unreadable meaning your employees cannot do their job so productivity has dropped to zero.
2. Customers are walking through the door and cannot be serviced resulting in a loss of reputation.
3. Your employees are getting paid but not being productive resulting in a loss of revenue.
4. File restores can take hours or days and every hour lost is more revenue lost for the company.
5. The cost to cleanup the ransomware attack can be thousands to 10's of thousands of dollars.

When you actually look at the total cost of the downtime created during a ransomware attack; you start to see how costly relying solely on backups can be to an organization.

My Suggestion:
1. Close unused ports
2. Educate employees about Social Engineering and phishing attacks
3. Verify you have a good backup systems and those backups are current.
4. PATCH, PATCH, PATCH your systems to reduce vulnerabilities.
5. Install Proactive Ransomware Detection software that detects and stops ransomware that bypass your traditional defenses. CryptoStopper is a great product that will detect and stop any and all ransomware attacks that bypass traditional defenses like your firewall, AV, and employees.

Lots of good info about CryptoStopper here including links to download.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.