clyde30152
asked on
Ransom Attack
I had a friend of mine with a very small company and a Windows SBS 2011 server that got hit with ransomware. Her backup drive was also taken out by the attack. I was able to help her get a new server up with Windows 2019; however, it would be helpful if we could get her old files back. I see utilities from McAfee and others that may unencrypt, but I know nothing about them. We also have the backup drive and thought about sending that off to be recovered. Any ideas would be appreciated. The suffix on all the files is U8E598.
How much data? The issue with a cloud deals with the agent, and there are some that attack the agent to infect/delete the cloud backup.
Dr.Klahn's a backup offline/rotating.......
Look at backups that provide versioning. IDrive is decent, but cost for such might be..
Look at the S3 Glacier option.
For speed, get a USB external and back up the data, then disconnect the external. ...
ASKER
Thanks. Does anyone know anything about the AKO ransom? That appears to be what hit my friend's server.
This one is recent, https://www.bleepingcomputer.com/news/security/ako-ransomware-another-day-another-infection-attacking-businesses/
SpyHunter is seen discussed as able to remove the also from the system.
There is a reference if you search AKO ransomware, there is a decryptor.....
Make sure to test by working on a copy, image of encrypted data.
Load your files for identification to see if there's an identification. Once it's identified, you can then attempt to track down the decryptor. https://id-ransomware.malwarehunterteam.com/
If it's actually AKO ransomware, you're not going to find a decryptor, based on my searches. It seems that it's still too new and too complex yet to be reversed. Most of the guides show ways to "recover" the files from previous versions of shadow copy and data recovery from the disk. You will need to be sure it's fully removed.
https://howtoremove.guide/ako-ransomware/
https://www.besttechtips.org/how-to-remove-ako-ransomware-and-decrypt-files/
https://www.bugsfighter.com/remove-ako-ransomware-and-decrypt-your-files/
ASKER
I saw those links on AKO. There was a local backup, but the backup drive which was using Microsoft Backup, was reformatted. I'm wondering if Ontrack could get the backup back. I may suggest that.
Reformatted deep or quick? By whom and when? You could try GETDATABACKNT, or you can use the Ontrack free download to scan the drive and see whether it can recover the data.