clyde30152

Ransom Attack

A friend of mine with a very small company and a Windows SBS 2011 server got hit with ransomware. Her backup drive was also taken out by the attack. I was able to help her get a new server up with Windows 2019; however, it would be helpful if we could get her old files back. I see utilities from McAfee and others that may unencrypt, but I know nothing about them. We also have the backup drive and thought about sending that off to be recovered. Any ideas would be appreciated. The suffix on all the files is U8E598.

Tags: Ransomware, SBS, Windows OS, Security

Last Comment: arnold, 8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Dr. Klahn

Log in or sign up to see answer
SOLUTION
arnold

Log in or sign up to see answer
clyde30152

ASKER
Because of the nature of their business, it may not be a disaster; however, for my company it would be. I have four Windows 2019 servers and will have cloud backup set up before the week is over! Any suggestions on which company to use for cloud backup? We have between 1.5 and 2 TB of data on the servers.
arnold

How much data? The issue with a cloud backup deals with the agent, and there is some ransomware that attacks the agent to infect/delete the cloud backup.

Dr. Klahn's suggestion of an offline/rotating backup...

Look at backups that provide versioning. iDrive is decent, but the cost for such might be...
Look at the S3 Glacier option.

For speed, get a USB external drive and back up the data, then disconnect the external. ...
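The versioning point above, in working code. This is an added example, not arnold's or any tool mentioned in the thread: a minimal append-only snapshot backup in which each run writes a new dated directory, files unchanged since the last snapshot are hard-linked instead of copied, and a simulated incident (source files rewritten and renamed with the suffix from the question) is shown to leave the earlier snapshots intact. The directory layout, file contents and snapshot labels are constructed for the demo.

```python
"""
Added example (not from the thread): a minimal versioned backup, in the spirit
of the advice above to prefer backups that keep versions over a plain mirror.
Each run creates a new, append-only snapshot directory; files unchanged since
the previous snapshot are hard-linked to save space, changed files are copied.
"""
import filecmp
import os
import shutil
import tempfile
from pathlib import Path
from typing import Optional


def latest_snapshot(repo) -> Optional[Path]:
    """Most recent snapshot directory by label (labels must sort chronologically)."""
    repo = Path(repo)
    if not repo.exists():
        return None
    snaps = sorted(p for p in repo.iterdir() if p.is_dir())
    return snaps[-1] if snaps else None


def snapshot(source, repo, label: str) -> Path:
    """Record the current state of source as repo/label. Never overwrites an earlier snapshot."""
    src, dest = Path(source), Path(repo) / label
    if dest.exists():
        raise FileExistsError(f"snapshot {label!r} already exists; snapshots are append-only")
    previous = latest_snapshot(repo)
    for path in src.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(src)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        prior = previous / rel if previous else None
        if prior is not None and prior.is_file() and filecmp.cmp(path, prior, shallow=False):
            os.link(prior, target)      # unchanged: share the previous snapshot's copy
        else:
            shutil.copy2(path, target)  # new or changed: real copy
    return dest


def restore(repo, label: str, target) -> Path:
    """Copy a snapshot out (plain copies, so the restored tree is independent of the repo)."""
    snap = Path(repo) / label
    if not snap.is_dir():
        raise FileNotFoundError(f"no snapshot {label!r}")
    shutil.copytree(snap, target)
    return Path(target)


def demo() -> dict:
    """Constructed walk-through: two good snapshots, a simulated incident, a restore."""
    work = Path(tempfile.mkdtemp(prefix="versioned-backup-"))
    source, repo, restored = work / "source", work / "repo", work / "restored"
    (source / "docs").mkdir(parents=True)
    (source / "docs" / "invoice.xlsx").write_text("quarterly numbers v1")
    (source / "docs" / "notes.txt").write_text("meeting notes v1")
    snapshot(source, repo, "2022-08-19T2200")
    (source / "docs" / "notes.txt").write_text("meeting notes v2")
    snapshot(source, repo, "2022-08-20T2200")
    # Simulated incident on the source: contents replaced and the suffix from the
    # question appended. The backup repo itself is untouched.
    for f in list((source / "docs").iterdir()):
        f.with_name(f.name + ".U8E598").write_bytes(b"\x00\xffjunk")
        f.unlink()
    snapshot(source, repo, "2022-08-21T2200")   # captures the encrypted state; nothing older is lost
    restore(repo, "2022-08-20T2200", restored)
    inv = "docs/invoice.xlsx"
    return {
        "snapshots": [p.name for p in sorted(repo.iterdir())],
        # the unchanged file shares one inode across the two good snapshots
        "invoice_shared_inode": (repo / "2022-08-19T2200" / inv).stat().st_ino
                                 == (repo / "2022-08-20T2200" / inv).stat().st_ino,
        "restored_invoice": (restored / inv).read_text(),
        "restored_notes": (restored / "docs" / "notes.txt").read_text(),
        "latest_snapshot_files": sorted(p.name for p in (repo / "2022-08-21T2200" / "docs").iterdir()),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The hard links are a space-saving trick with one caveat worth knowing: an in-place overwrite of a linked file (as opposed to the write-new-then-delete the demo simulates) changes every snapshot that shares it, which is one reason the advice above to physically disconnect the backup drive after the run still applies even with a versioned scheme.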
clyde30152

ASKER
Thanks. Does anyone know anything about the AKO ransom? That appears to be what hit my friend's server.
arnold

This one is recent: https://www.bleepingcomputer.com/news/security/ako-ransomware-another-day-another-infection-attacking-businesses/

SpyHunter is seen discussed as able to remove AKO from the system.

There is a reference if you search "ako ransomware"; there is a decryptor.....

Make sure to test by working on a copy/image of the encrypted data.
serialband

Load your files for identification to see if there's a match. Once it's identified, you can then attempt to track down the decryptor. https://id-ransomware.malwarehunterteam.com/

If it's actually AKO ransomware, you're not going to find a decryptor, based on my searches.  It seems that it's still too new and too complex yet to be reversed.  Most of the guides show ways to "recover" the files from previous versions of shadow copy and data recovery from the disk.  You will need to be sure it's fully removed.
https://howtoremove.guide/ako-ransomware/
https://www.besttechtips.org/how-to-remove-ako-ransomware-and-decrypt-files/
https://www.bugsfighter.com/remove-ako-ransomware-and-decrypt-your-files/
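The identification step above in code: a read-only triage pass over a copy of the encrypted volume that gathers what an identification service and a recovery vendor will ask for (how many files were hit, which file types, the time window in which they were written, and where the ransom notes are). This is an added example, not serialband's or any linked site's code; it assumes the suffix U8E598 from the question, a constructed list of ransom-note name fragments, and a constructed sample directory standing in for the infected drive.

```python
"""
Added example (not from the thread): a read-only triage pass over a copy of an
encrypted volume, producing the facts an identification service (such as
ID Ransomware, linked above) and a recovery vendor will ask for. Nothing is
modified, which matters because the thread's advice is to work on a copy/image.
"""
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

RANSOM_SUFFIX = "U8E598"  # suffix reported in the original question
# Constructed list of name fragments commonly seen in ransom notes; tune per case.
NOTE_HINTS = ("readme", "decrypt", "restore", "how_to", "recover")


def is_encrypted(path: Path, suffix: str = RANSOM_SUFFIX) -> bool:
    """True when the final extension equals the ransomware suffix (case-insensitive)."""
    return path.suffix.lstrip(".").upper() == suffix.upper()


def looks_like_note(path: Path) -> bool:
    """Heuristic: a text/HTML file whose name contains one of NOTE_HINTS."""
    name = path.name.lower()
    return path.suffix.lower() in (".txt", ".html", ".hta") and any(h in name for h in NOTE_HINTS)


def triage(root: str, suffix: str = RANSOM_SUFFIX) -> dict:
    """Walk root without modifying anything and summarise the damage."""
    total = encrypted = 0
    original_exts: Counter = Counter()   # file types hit, keyed by pre-encryption extension
    first = last = None                  # write-time window of the encrypted files
    notes = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath, name)
            total += 1
            if looks_like_note(p):
                notes.append(str(p.relative_to(root)))
            if not is_encrypted(p, suffix):
                continue
            encrypted += 1
            # "invoice.xlsx.U8E598" -> stem "invoice.xlsx" -> original extension ".xlsx"
            original_exts[Path(p.stem).suffix.lower() or "(none)"] += 1
            mtime = datetime.fromtimestamp(p.stat().st_mtime, tz=timezone.utc)
            first = mtime if first is None or mtime < first else first
            last = mtime if last is None or mtime > last else last
    return {
        "total_files": total,
        "encrypted_files": encrypted,
        "encrypted_ratio": round(encrypted / total, 3) if total else 0.0,
        "original_extensions": dict(original_exts.most_common()),
        "first_write_utc": first.isoformat() if first else None,
        "last_write_utc": last.isoformat() if last else None,
        "candidate_notes": sorted(notes),
    }


def build_sample_tree() -> str:
    """Constructed stand-in for the infected volume (a temp directory)."""
    root = tempfile.mkdtemp(prefix="ransom-triage-")
    base = datetime(2022, 8, 20, 3, 14, tzinfo=timezone.utc).timestamp()
    layout = {  # relative path -> forced mtime (None = leave as created)
        "docs/invoice.xlsx.U8E598": base,
        "docs/report.docx.U8E598": base + 120,
        "photos/holiday.jpg.u8e598": base + 60,   # lower-case variant of the suffix
        "docs/ako-readme.txt": None,              # candidate ransom note
        "notes/meeting.txt": None,                # ordinary text file, not a note
        "system/desktop.ini": None,               # untouched file
    }
    for rel, ts in layout.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample content\n")
        if ts is not None:
            os.utime(p, (ts, ts))
    return root


def demo() -> dict:
    """Run the triage over the constructed sample tree."""
    return triage(build_sample_tree())


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

Run it against a mounted copy or image rather than the original drive; the write-time window it reports is also the first thing to compare against the backup job's schedule when deciding which backup set, if any, predates the encryption.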
clyde30152

ASKER
I saw those links on AKO. There was a local backup, but the backup drive, which was using Microsoft Backup, was reformatted. I'm wondering if Ontrack could get the backup back. I may suggest that.
arnold

Reformatted deep or quick? By whom and when? You could try GETDATABACKNT, or you can use the Ontrack free download to scan the drive and see whether it can recover the data.