Mario Martinez

asked on 

Ransomware Help!

I have a customer that was hit with the ACCDFISA v2.0 ransomware. They had the backup drive mounted, so it seems like it deleted the files, not encrypted them. Is there any solution to this? They are asking for $4000 in Bitcoin.

Thanks.

John

No.  Backups, you have now learned, must be disconnected.

Do not pay the ransom as many times that does not even work.

Format, reinstall and start over.

gr8gonzo

Before you format and start over, I'd suggest checking around for a decryption tool. I just ran a quick Google search and found a couple results for ACCDFISA 2.0 decryption tools. I cannot vouch for whether or not they're legitimate - you'll have to make that judgment and weigh risks/benefits (you could try it in a virtual machine first to test the tool before you run it on everything).

Here's one such example:
http://karwos.net/accdfisa20/

Again, I'm always a little cautious about downloading/running anything from a site where the grammar and spelling is terrible, but sometimes you could get lucky.

Prabhin MP

How will you decrypt if the files got deleted?

Mario Martinez (ASKER)

Files were deleted from the backup drive; actually, they were hidden. I ran EaseUS recovery software and it looks like I may have an old backup I can work with.

John

That is about all you can do if you have an old but disconnected backup.

Reinstall Windows (to eradicate the ransomware virus), install software and then use the older backup.

Prabhin MP

Make sure that the infected mail is separated from the network before performing any sort of actions.

Prabhin MP

I suggest going with what John said.

This is a learning for everyone: never mount the backup share on any of the machines after use.
Once your purpose is done, disconnect as soon as possible.

serialband

You actually want at least 2 backups. You do want to keep continuous backups, but you should also have offline backups. 99% of the time, you don't get ransomware, so it's fine to keep it online. You keep the offline backup and use it periodically, so that you can recover in the event that you do encounter ransomware. In a company, I would suggest 2 offline backups that can be rotated off site. I'd also put one backup in the cloud at a location away from your region, so that you can recover in the event of a large natural disaster. It never hurts to have multiple backups.

John

Our client tapes are removed each day and 1 weekly taken off site (disaster recovery).  Removed each day protects against ransomware.  We have not had that because we have really top notch spam control and users delete emails from suspicious or unknown sources.