Popped up on the PC & Server of a new client this morning looks like both encrypted I checked with a live linux USB stick but hdd reports unformatted.

Any clues other than pay these crooks.  


Damian McSorleyAsked:
Who is Participating?
AlanConnect With a Mentor ConsultantCommented:

I agree not to pay anything - chances are that they will just get asked for more money or hear nothing back.

I would suggest you do a complete wipe of the entire system, and then restore from backup, making sure it is a backup that is not infected (you might lose a day or a week's data if some of your daily backups are infected).

Travis MartinezConnect With a Mentor Smoke JumperCommented:
Do either systems have a current system restore point that can be used to reverse the damage?
Dr. KlahnConnect With a Mentor Principal Software EngineerCommented:
Well, whatever you do, don't pay them.

In the past there was about 1 in 3 chance that you would get a working decryption key if you paid the ransom.

Now the new wrinkle in ransomware is that you pay the ransom and they don't give you a working key. (After all, why should they?  They've got your money.)
Damian McSorleyAuthor Commented:
No I can't get access to the HDD as it's showing up raw on external linux file boot.

It looks like a wipe and reload, none of the staff have backed up and the server backup has also been encrypted.

Damian McSorleyAuthor Commented:
Many thanks for taking the time to reply.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.