How can ransomeware .Adobe execute on a newly installed OS? I have a email server running Windows Server 2016 and MDaemon Email software. Last week it was hacked probably by non-standard RDP port i had open and encrypted all files and most of my backups. I was able to recover the email files and configuration within the MDaemon directory. I wiped the hard drive and did a clean install of Windows Server, copied my recovered MDaemon files to the clean hard drive. Reinstalled MDaemon and was up and running. I also closed the RDP port previously open. No no public access to the server except for necessary ports. Yesterday I was encrypted again. Again it seems to have been done from the email server as files on the desktop and everywhere else are encrypted. I have recovered again by the same methods plus a couple of other security enhancements such as new user name and password. My question is how in the hell are they getting into my server and what else can I do to prevent this from happening again. Thank you and happy holidays!