- Anti-Virus Apps
- Ransomware
- SBS
- Windows OS
- Server Software
- Security
Ransom Attack
I had a friend of mine with a very small company and a Windows SBS 2011 server that got hit with ransomware. Her backup drive was also taken out by the attack. I was able to help her get a new server up with Windows 2019; however, it would be helpful if we could get her old files back. I see utilities from McAfee and others that may unencrypt, but I know knowing about them. We also have the backup drive and thought about sending that off to be recovered. Any ideas would be appreciated. The suffix on all the files is U8E598.
This is why off-site and air-gapped backups are necessary. It is a hard (and often expensive) lesson to learn, but as Ben Franklin said, "Experience is a dear teacher."
The current state of ransomware is such that there are few effective decrypters for the modern viruses. While there were holes in the encryption for older viruses, modern ransomware uses with lengthy, randomly chosen, effectively uncrackable keys.
Whatever you do, do not pay the ransom. The current standard in ransomware is to encrypt the files, take the ransom, and not deliver the decryption.
Note that even if the files can be decrypted, that system is still infested with who knows what and nothing in it can never be trusted again. Having delivered one payload into that system, it is safe to assume that the ransomware is not the only thing in it. If there are no secondary backups it will be necessary to erase the drive (not just reformat it) and reload Windows and any layered products from scratch. It's a pretty fair assumption that the ransomware is not the only thing that was loaded into that system.
If you did not erase the drive before reloading Windows, I strongly encourage you to do so.
The current state of ransomware is such that there are few effective decrypters for the modern viruses. While there were holes in the encryption for older viruses, modern ransomware uses with lengthy, randomly chosen, effectively uncrackable keys.
Whatever you do, do not pay the ransom. The current standard in ransomware is to encrypt the files, take the ransom, and not deliver the decryption.
Note that even if the files can be decrypted, that system is still infested with who knows what and nothing in it can never be trusted again. Having delivered one payload into that system, it is safe to assume that the ransomware is not the only thing in it. If there are no secondary backups it will be necessary to erase the drive (not just reformat it) and reload Windows and any layered products from scratch. It's a pretty fair assumption that the ransomware is not the only thing that was loaded into that system.
If you did not erase the drive before reloading Windows, I strongly encourage you to do so.
Some known ransomware could be decrypted.
Unfortunately. The nature of ransomware .. depending on value of data, only remaining option s to see what the cost would be. Note the risk of paying and getting nothing.
On the old server are you able to determine how ransomware got in,? Email attachment,?
Unfortunately. The nature of ransomware .. depending on value of data, only remaining option s to see what the cost would be. Note the risk of paying and getting nothing.
On the old server are you able to determine how ransomware got in,? Email attachment,?
Because of the nature of their business, it may not be a disaster; however, for my company it would be. I have four Windows 2019 servers and will have cloud backup setup before the week is over! Any suggestions on which company to use for cloud backup. We have between 1.5 and 2 tb of data on the servers.
how much data and the issue with a cloud deals with the agent and there are some that attack the agent in infect/delete the cloud backup.
Dr.Klahn's a backup offline/rotating.......
Look at backups that provide versioning. idrive is decent, but cost for such might be..
look at s3 glaciar option.
for speed get a UDB external and backup the data then disconnect the external. ...
Dr.Klahn's a backup offline/rotating.......
Look at backups that provide versioning. idrive is decent, but cost for such might be..
look at s3 glaciar option.
for speed get a UDB external and backup the data then disconnect the external. ...
Thanks. Does anyone know anything about the AKO ransom? That appears to what have hit my friend's server/
This one is recent, https://www.bleepingcomputer.com/news/security/ako-ransomware-another-day-another-infection-attacking-businesses/
Spyhunter is seen discussed as able to remove the also from the system.
There is a reference if you search ako ransomeware, there is a decryptor.....
Make sure to test by working on a copy, image of encrypted data
Spyhunter is seen discussed as able to remove the also from the system.
There is a reference if you search ako ransomeware, there is a decryptor.....
Make sure to test by working on a copy, image of encrypted data
Load your files for identification to see if there's an identification. Once it's identified, you can then attempt to track down the decryptor. https://id-ransomware.malwarehunterteam.com/
If it's actually AKO ransomware, you're not going to find a decryptor, based on my searches. It seems that it's still too new and too complex yet to be reversed. Most of the guides show ways to "recover" the files from previous versions of shadow copy and data recovery from the disk. You will need to be sure it's fully removed.
https://howtoremove.guide/ako-ransomware/
https://www.besttechtips.org/how-to-remove-ako-ransomware-and-decrypt-files/
https://www.bugsfighter.com/remove-ako-ransomware-and-decrypt-your-files/
If it's actually AKO ransomware, you're not going to find a decryptor, based on my searches. It seems that it's still too new and too complex yet to be reversed. Most of the guides show ways to "recover" the files from previous versions of shadow copy and data recovery from the disk. You will need to be sure it's fully removed.
https://howtoremove.guide/ako-ransomware/
https://www.besttechtips.org/how-to-remove-ako-ransomware-and-decrypt-files/
https://www.bugsfighter.com/remove-ako-ransomware-and-decrypt-your-files/
Explore More ContentExplore courses, solutions, and other research materials related to this topic.
-
![]()
received a Solution
Need Malware, Virus, and Ransomware protection for older Windows Server 2008 -
![]()
wrote an Article
![]()
The Ransomware Attack That Wasn’t
-
![]()
created a Video
![]()
[Webinar] Multi-Vector Protection from Cyber attacks
-
Explore Cloud Class® ![]()
CompTIA Security+ (Exam SY0-501)
Premium Content
You need an Expert Office subscription to comment.Start Free Trial