Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.


Are you in the migration process of your Exchange to Exchange Online? Be aware of customized solutions developed on the transport role on your old Exchange server. They might not be convertible to Exchange Online!
In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.

If you need to recover mailboxes from an EDB file, this article describes the techniques available.

In this article, we will take you through three techniques you can use to perform EDB recovery. You can select any of these methods based on your requirements.

EDB mailbox recovery techniques

Technique #1 – Using ExMerge

ExMerge is a free Microsoft tool that can be used to extract mailboxes from an EDB file. The extracted mailboxes can be saved in PST format and then accessed using Outlook. It is a manual process that requires access to, and use of, the ExMerge utility.

Note: This method works with Exchange 2003 only. If you have any other version of Exchange server, then skip to technique 2 or 3.

Perform the below steps to undertake this method:

  1. Launch ExMerge utility.
  2. Click the Next button.
  3. Select the Extract or Import (Two Step Procedure) option.
  4. Click the Next button.
  5. Select the Step 1 Extract data from an Exchange Server Mailbox option.
  6. Click the Next button.
  7. Enter details of your Exchange Server to establish a connection with the EDB file.
  8. Click the Next button.
  9. Now select the EDB file.
  10. Click the Next button.
  11. Now, you need to select the mailboxes that you want to extract as PST files.
  12. Select a location to save the extracted PST files.
  13. Click the Next button.
  14. The process will start.
  15. Once this process is completed, click the Finish button.

Benefits of this EDB mailbox Recovery technique

  • Free solution
  • Effective if you have a working connection with Exchange server

Disadvantage of this process

  • Lengthy
  • Needs technical skills
  • Time-consuming
  • You may incur data loss

Technique #2 – Using Exchange Powershell

Before we take you through this technique, we would like to mention that it is a very lengthy and complicated process. So, you should consider applying this process to perform EDB recovery only when you are:

  • a technical person
  • able to access Exchange server with sufficient admin rights
  • able to access and use PowerShell
  • well aware of the results of cmdlets being executed
  • ready to incur data loss

If you are not sure about any of the points listed above, then the best solution for EDB recovery is Technique #3, given next in this article.

Perform the below steps to apply this process for EDB recovery:

  1. Login to your mail server.
  2. Access command prompt as an administrator.
  3. Perform dirty shut down on the EDB file to be recovered. You can use the below command to perform this action:
    eseutil /mh MyExchange.edb
  4. After dirty shut down is successful, execute the below command to repair the MyExchange.edb file:
    eseutil /r E02 /l "E:\EXDB12\Exchange Server\MyExchange\Logs" /d "E:\EXDB12\Exchange Server\MyExchange\File"
  5. Now, you need to create a recovery database. To do that, execute the below command:
    New-MailboxDatabase -Server mail01 -Name RDB1 -Recovery -EdbFilePath "E:\EXDB12\Exchange Server\MyExchange\File\MyExchange.edb" -LogFolderPath "E:\EXDB12\Exchange Server\MyExchange\Logs"
  6. Now, you need to mount the recovery database. To mount the database, execute the below command:
    Mount-Database RDB1
  7. Access the Exchange PowerShell and execute the below command to get a list of the mailboxes available in the EDB file:
    Get-MailboxStatistics -Database RDB1 | ft -auto
  8. Now, you need to restore these mailboxes on an existing Exchange Server. You can do this by executing the below command:
    New-MailboxRestoreRequest -SourceDatabase RDB1 -SourceStoreMailbox "Nav, S" -TargetMailbox newnavS -AllowLegacyDNMismatch
    In the above command, "Nav, S" is the name of the old (source) mailbox and newnavS is the name of the new (target) mailbox that receives its contents.
  9. After the above command is executed, you need to check if the process has been completed successfully or failed. You can do that by executing the below command:
  10. If you see the status as completed after executing the command in step 9, then run the below command to remove the restore request:
    Get-MailboxRestoreRequest -Status Completed | Remove-MailboxRestoreRequest
  11. Now, you can export the restored mailbox to a PST file by running the below command:
    New-MailboxExportRequest -Mailbox navs -FilePath \\loc\PST\navs.pst
  12. Now, again check the status of this command by executing the below command:
  13. If the status is completed, execute the below command:
    Get-MailboxExportRequest -Status Completed | Remove-MailboxExportRequest
  14. Now, you can delete the original mailbox from which the PST is created by executing the below command:
  15. Now, delete the recovery database by executing the below command on Exchange PowerShell:
    Remove-MailboxDatabase -Identity "RDB1"
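
A state check to run between steps 3 and 4, as an added example that is not part of the original article: eseutil /mh prints the database header, and its State field shows whether the file is in Dirty Shutdown and which log generations the eseutil /r run in step 4 will need. The function names and the header excerpt are constructed for illustration; the paths and the E02 prefix are the article's own.

```powershell
# Added example (not from the article): read the header printed by
# "eseutil /mh" and decide whether step 4 (eseutil /r) is needed.

function Get-EdbHeaderState {
    param(
        [Parameter(Mandatory)]
        [string[]]$HeaderLines          # output of: eseutil /mh <file>.edb
    )
    $state = $null; $first = $null; $last = $null
    foreach ($line in $HeaderLines) {
        if ($line -match '^\s*State:\s*(.+?)\s*$') {
            $state = $Matches[1]
        }
        elseif ($line -match '^\s*Log Required:\s*(\d+)-(\d+)') {
            $first = [int]$Matches[1]
            $last  = [int]$Matches[2]
        }
    }
    if (-not $state) {
        throw 'No "State:" line found; this is not eseutil /mh output.'
    }
    [pscustomobject]@{
        State         = $state
        NeedsRecovery = ($state -ne 'Clean Shutdown')
        FirstLogGen   = $first
        LastLogGen    = $last
    }
}

function Get-MissingRequiredLog {
    param(
        [Parameter(Mandatory)]$HeaderState,
        [Parameter(Mandatory)][string]$LogFolder,
        [string]$Prefix = 'E02'         # log prefix passed to eseutil /r
    )
    if (-not $HeaderState.NeedsRecovery -or -not $HeaderState.LastLogGen) { return }

    # The newest generation may still be in the unnumbered current log.
    $haveCurrent = Test-Path (Join-Path $LogFolder "$Prefix.log")

    foreach ($gen in $HeaderState.FirstLogGen..$HeaderState.LastLogGen) {
        # Numbered logs are the prefix plus the generation as 8 hex digits.
        $name    = '{0}{1:X8}.log' -f $Prefix, $gen
        $present = Test-Path (Join-Path $LogFolder $name)
        $isLast  = ($gen -eq $HeaderState.LastLogGen)
        if (-not $present -and -not ($isLast -and $haveCurrent)) { $name }
    }
}

# Constructed excerpt of "eseutil /mh" output (only the fields used here).
$sample = @'
            State: Dirty Shutdown
     Log Required: 18-19 (0x12-0x13)
    Log Committed: 0-20 (0x0-0x14)
'@ -split "`r?`n"

Get-EdbHeaderState -HeaderLines $sample

# On the mail server, with the article's paths:
$edb  = 'E:\EXDB12\Exchange Server\MyExchange\File\MyExchange.edb'
$logs = 'E:\EXDB12\Exchange Server\MyExchange\Logs'
if (Test-Path $edb) {
    $header = Get-EdbHeaderState -HeaderLines (& eseutil /mh $edb)
    if (-not $header.NeedsRecovery) {
        'Clean Shutdown: step 4 is not needed.'
    }
    else {
        $missing = @(Get-MissingRequiredLog -HeaderState $header -LogFolder $logs)
        if ($missing.Count -gt 0) {
            "Do not run eseutil /r yet; required logs missing: $($missing -join ', ')"
        }
        else {
            'Dirty Shutdown with all required logs present: continue with step 4.'
        }
    }
}
```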

Benefits of this technique to perform EDB recovery

  • Free technique
  • Works if executed properly

Disadvantages of this method

  • Complex
  • Lengthy
  • Chances of data loss are high
  • Time consuming
  • Strong knowledge of using PowerShell is a must

Technique #3 – Using a Third-party tool

The best among all EDB mailbox recovery techniques is the use of a third-party application that has been specifically designed and developed to reduce your work as an administrator when dealing with Exchange database recovery.

There are many tools available that can help you with EDB mailbox recovery, but one of the best tools is Kernel for Exchange Recovery.

Why Kernel for Exchange Recovery stands among the top tools:

  • Easy to use
  • Works fast
  • Works well even on badly damaged EDB file
  • Works with encrypted EDB files
  • Allows converting EDB to PST
  • No size limit
  • Delivers satisfactory results
  • No technical skills required
  • No need to execute any command
  • No data loss
  • Multiple saving options
  • Free trial version is available as well
  • No change to the original EDB file
  • Supports all versions of Exchange server including 2003, 2007, 2010, 2013, and 2016

In this article, we have covered three EDB mailbox recovery techniques. Two of these solutions are manual and demand server-level expertise. The last one is an automated technique that only requires you to select the EDB file; the rest of the process can be completed in just a few clicks. So, the decision is yours whether you want to take a long journey or save your time and data with a professional, highly advanced Exchange recovery tool.


Expert Comment

by:jonshen alina
EDB to PST Recovery Software is well known program that easily recover data from EDB File and migrate EDB files to PST files without creating any problem. By taking help of EDB File to PST Converter Software you can select the emails one by one and export them into Outlook file with email properties- to, bcc, cc, time, subjects and from, email header information and embedded images etc.
EDB to PST Converter Software


Expert Comment

by:jonshen alina
Exchange EDB to PST Converter Software is the one of the great utility that securely repair corrupted, damaged exchange EDB file and convert EDB mailboxes included- emails, inbox items, outbox items, journals and appointments. Using this EDB Converter Software you can restore EDB to PST, EML, MSG, HTML and EMLX format along with all emails properties and attachments. Software also split the oversize PST File by define size upto 5GB during conversion and also preview the complete emails attachments or items.

EDB to PST Recovery Software
Read more:-  EDB Recovery
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
How to effectively resolve the number one email related issue received by helpdesks.
Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.

If something goes wrong with Exchange, your IT resources are in trouble. Not all Exchange server migration processes are identical, and though migrating email from an on-premises Exchange mailbox to Office 365 in the cloud is relatively simple and straightforward, especially when you have planned your activities well, you might encounter some complexities in the process. As a result, you have to put in more effort than required. This article guides you through the pros and cons of each method so that you can choose the right one to export Exchange mailboxes to Office 365.

Based upon the network connectivity, Firewall rule setting, and other similar IT-infrastructure setup, you have to decide amongst the possible migration routes from on-premises mailing system to cloud. Migration also depends on the number of users to be moved to cloud, available skill set and availability of IT resources, and time needed to move the boxes. All these factors cumulatively help you choose the right migration tool for safe and fast completion of the process.

Based on the requirement, we have classified the manual methods into the following:

Cutover Migration

Migrate all your mailboxes at the same time and ensure success with cutover migration. This method works best when:

1. Migration involves less than 2000 mailboxes.

2. Time is a constraint and mailbox movement is to be done as quickly as possible.

Cutover migration works fast, but this method may pose considerable challenges when bulky mailboxes are moved. If users try to move mailboxes of excessively large size, it may take an unacceptable amount of time for complete migration. The easy-to-go method has limitations and these can be overcome provided the organization has competence to troubleshoot and resolve Exchange-related issues.

Hybrid Exchange Deployment

This method integrates the on premise Exchange environment with Office 365. Move your mailboxes gradually and in series over a period of time with hybrid exchange deployment. Hybrid Exchange as the name suggests maintains a mix of on-premises Exchange and Office 365 email users and integrates the two for unified Exchange environment.

This is one of the most convenient methods, as users can access mailboxes both online and offline with the same login credentials, and administrators keep full control of password policy security through Active Directory, because the servers used to manage password policies are deployed on-premises.

Staged Migration

Move the mailboxes in batches when you have:

1. To move more than 2000 mailboxes and

2. Time required to move mailboxes is not enough

Staged migration may sound similar to Hybrid Exchange but the difference is that users can’t manage their mailboxes online as well as offline. Secondly, the duration of co-existence of two environments – On-premises Exchange and Cloud is very small. Contrary to the Hybrid environment, staged migration involves moving the mailboxes to Cloud Office 365 in so much time that IT resources do not have to integrate and manage two environments, separately.

IMAP Migration

A little variation in migration environment – IMAP is compatible for migrating non-Exchange environment to cloud Office 365. Generally, this method is adopted to move mailboxes from outdated Exchange server like version 2000 and similar. Though this method is beneficial for the outdated Exchange versions, its migration capacity is limited to Emails only. Users cannot access their Calendar entries, contacts, journals and other related information with the switch to Office 365 with IMAP.

If you are ready to compromise on your data transfer, opt for IMAP migration.

Third Party Tools

As the name suggests, this method of migration involves migrating mailboxes from platforms like Novell GroupWise, IBM Lotus Notes or others to Office 365. A vast number of third-party tools are available in the market to help migrate mailboxes to Exchange Online. Choose the right method of migration on the basis of reviews and surveys.

Microsoft support

Moving Exchange to Office 365 is not easy. Keeping this in view, Microsoft has come up with support tools to let you decide the right method of migration and complete the migration with ease.

1. Exchange Server Deployment Assistant: Integrating the hybrid deployment of on-premises Exchange with mailboxes in the cloud may require additional resources. For this reason, Microsoft has released the Exchange Server Deployment Assistant tool for this rich-coexistence scenario. Valid for Exchange 2010, 2013 and 2016, Exchange Server Deployment Assistant asks you a set of questions about your current mailbox environment and the requirements. On this basis, it creates a custom checklist and procedures for simplified deployment.

Note: Exchange Server Deployment Assistant assists in migrating non-hybrid on premise Exchange to Office 365 also.

2. Remote Connectivity Analyzer tool: This Support and Recovery Assistant is relatively new and helps fix issues related to Office 365 apps and services. Even after migrating mailboxes, users may face problems with account setup, connectivity and passwords, and in extreme cases Outlook stops responding. Remote Connectivity Analyzer identifies the root cause of the existing problems and suggests an appropriate solution.

You have the understanding of your on premise Exchange environment and you are mindful of your requirements. Now that you are aware of all the manual methods and their advantages and limitations, you must be in the position to choose the right migration method for available Exchange environment.

Exporting Exchange mailboxes to Office 365 may not be as expected, and support and troubleshoot needs time and effort. It is always good to take the help of migration tools like Stellar EDB to PST Converter.

Why Stellar EDB to PST Converter?

Stellar tool is an Exchange Migrator that helps you export offline Exchange mailboxes to Office 365 and forgoes the manual process of reconfiguring users on Exchange. The three-step process:

1. Select Offline Users

2. Preview scanned mailboxes

3. Enter Credentials and Export to Office 365.

ServerConsole.exe grants full mailbox rights to disconnected mailbox.

Explanation with screenshots:

Step 1: Select Offline EDB. From the Homepage, select Offline EDB. Alternately, find the EDB file from the parent folder. Select the right EDB file from drop-down menu. Click on start button

Step 2: Progress bar is displayed showing the progress of file-scanning

Step 3: A preview of the file is displayed in tree-format. Left pane describes mailbox details, middle pane is about mailbox components and right pane is the description of selected mailbox entry.

Step 4: Select Office 365 from the available options and export mailbox data to Office 365

Step 5: Enter the login credentials for Office 365 to export the selected mailbox folders:

Step 6: Selected Exchange Mailboxes are exported to Office 365 with Stellar EDB to PST Converter. 

The Conclusion

Exchange mailbox migration to Office 365 is a good decision, but it should not be done in haste. Analyze the migration options, comprehend your Exchange environment and select the right method of migration. However, it is a difficult task. To execute such an important task, Exchange administrators need to select nothing but the best, and Stellar EDB to PST Converter is the finest mailbox migrating tool. It helps you scan your files, displays a preview of the available mailboxes and maintains originality even after exporting mailboxes. Above all, it facilitates smooth, uninterrupted migration.

This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.

As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files.

Thankfully, it is still possible to export mailboxes to PST from within the EAC (Exchange Admin Centre) if you are willing to jump through a few hoops. The basic process for exporting mailboxes is:

  1. Create a share to export to
  2. Assign yourself import / export permissions
  3. Export the mailbox

1. Creating a share

As Exchange is now mostly managed through a web interface rather than a console, you need to set up a share to export these PST files to. It’s up to you where you place this share, but make sure:

  • There is enough space for the PST files
  • The Exchange server can access the share
  • You clean it up afterwards

So, let’s create a share, call it EXUtil$, share it with everyone, full control. For your NTFS Permissions make sure that the Exchange Trusted Subsystem object has full control. 

As a quick test just make sure you can browse to the share from the exchange server and that there are no networking issues stopping you.

2. Import / Export Permissions

Even if you are already a Domain / Enterprise admin, you won’t have access to export to PST by default. To give yourself the correct permissions:

  1. Open the Exchange Admin Centre (EAC)
  2. Click Permissions from the left-hand side
  3. Select Admin roles from the top
  4. Click Organization Management from the list
  5. Click the Pencil to edit
  6. Add a member and select the user you wish to give permissions
  7. Click on OK

3. Exporting the mailbox data to PST

First, make sure that you are logged into EAC as the user that you just gave import / export permissions to. Now we need to find the user who we are going to be exporting to PST, click the ellipses (the 3 dots) next to that user and select Export to a PST file from the drop down. 

Now you have an option to export the contents of the mailbox or the contents of the archive. Select the one you want, if you want both you will have to submit two separate jobs. 

Next fill in the path of the share that you created before, also give the PST file a name. 

And finally, select a user whom you wish to notify when the job completes. 

You will be notified when the job starts, completes or fails.

Once the job has finished the PST file will appear in the share that you created!
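
A narrower version of the same three steps from the Exchange Management Shell, as an added example that is not part of the original article: the share is limited to Exchange Trusted Subsystem and one operator account instead of Everyone with full control, and only the Mailbox Import Export role is granted through a dedicated role group instead of Organization Management membership. CONTOSO, EX01, D:\EXUtil, exportadmin, jdoe, the role group name and both function names are placeholders.

```powershell
# Added example, not the article's own commands. Assumes the Exchange
# Management Shell on Windows Server 2012 or later (SmbShare module),
# run by an Exchange administrator.

function Initialize-PstExport {
    param(
        [Parameter(Mandatory)][string]$Domain,     # NetBIOS domain name
        [Parameter(Mandatory)][string]$Operator,   # account that runs exports
        [string]$SharePath = 'D:\EXUtil',
        [string]$ShareName = 'EXUtil$',
        [string]$RoleGroup = 'PST Export Operators'
    )
    $ets = "$Domain\Exchange Trusted Subsystem"
    $op  = "$Domain\$Operator"

    # Share and NTFS ACL: Exchange Trusted Subsystem writes the PST and the
    # operator collects it. There is no Everyone entry.
    New-Item -ItemType Directory -Path $SharePath -Force | Out-Null
    New-SmbShare -Name $ShareName -Path $SharePath -FullAccess $ets -ChangeAccess $op | Out-Null
    $grants = @(
        "${ets}:(OI)(CI)F",
        "${op}:(OI)(CI)M",
        'BUILTIN\Administrators:(OI)(CI)F',
        'NT AUTHORITY\SYSTEM:(OI)(CI)F'
    )
    icacls $SharePath /inheritance:r /grant:r $grants | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $SharePath" }

    # Only the Mailbox Import Export role, through a dedicated role group.
    New-RoleGroup -Name $RoleGroup -Roles 'Mailbox Import Export' -Members $Operator | Out-Null

    # Return everyone who can now export mailboxes, for review.
    Get-ManagementRoleAssignment -Role 'Mailbox Import Export' -GetEffectiveUsers |
        Select-Object EffectiveUserName, RoleAssigneeName, RoleAssigneeType
}

function Export-MailboxToPst {
    param(
        [Parameter(Mandatory)][string]$Mailbox,
        [Parameter(Mandatory)][string]$Server,
        [string]$ShareName = 'EXUtil$',
        [int]$TimeoutMinutes = 120
    )
    # A new role assignment only applies to sessions opened after it was made.
    if (-not (Get-Command New-MailboxExportRequest -ErrorAction SilentlyContinue)) {
        throw 'New-MailboxExportRequest is not available; open a new Exchange Management Shell session.'
    }

    $name = "pst-$Mailbox"
    $pst  = '\\{0}\{1}\{2}.pst' -f $Server, $ShareName, $Mailbox
    New-MailboxExportRequest -Name $name -Mailbox $Mailbox -FilePath $pst | Out-Null

    # Poll until the request reaches a final state or the timeout expires.
    $final    = @('Completed', 'CompletedWithWarning', 'Failed')
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        Start-Sleep -Seconds 30
        $stats  = Get-MailboxExportRequest -Name $name | Get-MailboxExportRequestStatistics
        $status = "$($stats.Status)"
    } until (($final -contains $status) -or ((Get-Date) -ge $deadline))

    # Remove finished requests; leave failed ones in place for diagnosis.
    if ($status -like 'Completed*') {
        Get-MailboxExportRequest -Name $name | Remove-MailboxExportRequest -Confirm:$false
    }
    [pscustomobject]@{ Mailbox = $Mailbox; Status = $status; PstPath = $pst }
}

# Usage (placeholders), in two separate shell sessions:
#   Initialize-PstExport -Domain CONTOSO -Operator exportadmin
#   Export-MailboxToPst  -Mailbox jdoe -Server EX01
# Afterwards, move the PST off the share, then:
#   Remove-RoleGroupMember -Identity 'PST Export Operators' -Member exportadmin
#   Remove-SmbShare -Name 'EXUtil$'
```

A PST is an unencrypted copy of the whole mailbox, so the last two commands matter as much as the export itself.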

The manual Exchange Recovery process is so complicated that only a technical expert who has worked extensively on Exchange server can perform the whole procedure. A normal user will find this method quite hard to follow, and that is where the Exchange Recovery tool comes to the rescue. It is specially developed to assist users in performing EDB to PST conversion within minutes. It has a highly user-friendly GUI which enables even a novice Exchange user to complete the whole procedure in three simple steps.


Expert Comment

by:modig ramram
Get special support from sifo systems exchange server experts. The helpline is active 24*7 and you can ask any query related to exchange server data recovery free of cost.
Go for sifo systems edb to pst recovery software and use this application for removal of virus from exchange, recovery of edb file and conversion of edb file to pst file.
Software smartly converts edb file data to pst file with all of the data such as inbox, calendar, notes, contacts, task, etc.

This software works well and very smartly with every edb file such as edb 2016, edb 2013, edb 2010, edb 2007, etc.

Go for free download of software, click here: Sifo Systems edb to pst software


Expert Comment

by:Marshal Hubs
Official website for Stellar EDB to PST Converter:
Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!

Expert Comment

by:amie aroa
EdbMails EDB to PST is Remarkable software which is placidly Recover EDB mailbox files such as calendars, contacts, notes, Task, Inbox items, journals,embedded images, appointments etc. and Convert that recovered EDB files into various formats like PST, EML, HTML, MSG, it is safe & secure conversion process without any damage to original data. You can convert Bulk Exchange EDB File Mailboxes into MS Outlook PST Format. This software easily converts any size of EDB mailbox into PST file.

For more information visit: Convert EDB to PST
The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.

Expert Comment

by:Brian B
For mass mailbox backups in Exchange, you should be using a proper backup and recovery system. See my post, PSTs are not reliable for that purpose.

Expert Comment

by:john carter
EdbMails EDB to PST Converter Software which allows you to nicely Recover EDB emails mailbox to PST File as well as repair corrupt exchange server database. It can easily find the EDB location and fix all the issues of EDB file to make it usable in an Outlook file. It gives the complete examination of Exchange Databases files to recover and alteration process. This tool can easily export exchange mailbox to PST from Outlook without distressing the size of Exchange EDB files and easily convert EDB files into PST, EML, MSG, Text and HTML file format with convert all reclaimed Email items into outlook file with along email header, email equities or attachments too. Splitting the generous size of PST file up to 20GB or more during conversion time.

  • Easily converts EDB to PST files & Restore deleted mailboxes directly from EDB file.
  • It is compatible with all MS Outlook 2000, 2002, 2003, 2007, 2010, 2013 and latest 2016.
  • It is compatible with all the Windows Operating Systems like Windows XP, Vista, 7, 8, 8.1 and 10.
  • Also, it provides recovery of all the attachments including contacts and calendar.

EdbMails EDB to PST Converter is the only available software which allows you to convert and export Online as well Offline, both, EDB file to PST format.

For more information visit:
Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
Exchange Server 2016
Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and, as I said, I am not an expert in the cryptography field, I asked other experts on Experts Exchange to allow me to include some of their thoughts on the matter. Thanks to btan and McKnife for all their input (I edited some out for readability, left some out for technical reasons, and included some in various places in the article). 


Let me preface this by saying the best prevention when it comes to any malware is up to date AV/AM software, well tested backups (yes you must test them), and safe computer usage habits. I have also incorporated some suggestions specific to ransomware prevention and more general suggestions on enhancing your computer security.


Encryption programs of the ransomware type are usually not viruses, but rather trojans that encrypt your computer files, after which the writers (thieves) demand a ransom to decrypt them. If you catch it early, there is a slight chance of decryption, but once you get the ransomware pop-up, it is generally too late. This is because most ransomware works by silently encrypting your files, and when finished it displays the ransom pop-up. If you either pay the ransom (not recommended) in a timely manner or restore from backup, you will probably be okay.


You CANNOT really trust that you will receive a working decryption key if you do pay the ransom, although it is in the financial interests of those who encrypted your files to decrypt them. Let me be clear though, I am NOT advocating paying. Generally, the cost of decrypting your files will not be worth it, nor a good idea, for several reasons:


  1. In my opinion, you will NEVER be able to trust the computer again unless you do a complete reinstall of the operating system and any software. The files are not trustworthy either.
  2. The cost of buying a decryption key may be more than your files are worth (going rate, last I looked, was 10 bitcoins, you can do the conversion at, but as of this writing it is $2,752.00 -- it changes VERY frequently).
  3. Morally it is wrong to support crooks.
  4. Finally, although there are plenty more reasons even if you decide to pay, users have not reported that they received a working decryption key 100% of the time. As a matter of fact, many users have reported that they had trouble decrypting some files.


So what can you do?




Like location in the real estate market, prevention is everything. Since, if you are successful at preventing anything from happening in the first place, you won't need to worry about anything else. I will deal primarily with methods of prevention. It has become abundantly clear, even before I spoke to others about it, that the cryptography employed in these schemes, although not impossible to break, is difficult in the extreme. So let's look at some measures you can take to protect your computer. 




First and foremost, and not only for this reason, keep good backups and test them regularly. The best backup in the world is useless if you can't restore from it when it is needed. See my article on backups and cloud backups for more information (I especially recommend versioning backups). It is essential that part of your backup routine should be to turn on previous versions/Shadow copy. This is not a difficult task, just follow these steps in Windows:


  1. Click on the Start ball in the lower left corner of your screen (Windows 8 users start at step 3)
  2. Right click on "Computer" and select properties (alternately, you can just type in system and choose the system control panel from the list). For Windows 7 users, skip to step 8.
  3. For Windows 8, hover over the top right corner or swipe from the right of the screen to get the search bar.
  4. Click or tap on the magnifying glass symbol to open search
  5. Click or tap on the down arrow next to Everywhere to change that to Settings
  6. Type the word System in the search box
  7. Click or tap the System control panel (in this instance the fourth one down)
  8. The System control panel will come up (Windows 7 or Windows 8)
  9. Click on the "System Protection" link on the left-hand side of the control panel
  10. If you are not already there, click on the System Protection tab
  11. Look down at the Protection Settings section, all your internal hard drives and USB drives should be listed here
  12. Click on each one you want to have system restore points and/or previous versions/Shadow Copy for and then click configure
  13. On the next screen you will see a section for Restore settings -- there are three options. I suggest the first one
  14. In the Disk Space Usage section, give it as much as you can afford. The more room allotted to this, the more restore points and previous versions you will have available to you.
  15. When you are finished click okay, okay again, save any work and reboot your computer
  16. You have now enabled system restore and previous versions/shadow copy.


In Windows 8, turn File History on. This backs up selected directories in a Time Machine-like fashion. Note that it will only work when the external drive that you designate as the file history drive is connected. And since it will only back up some directories, other measures are called for. A micro tutorial on starting and using File History can be found here. I also recommend using CrashPlan for Windows 7 or Windows 8.


Although CrashPlan used locally is free, the cloud option is an excellent value. Another free option is DriveImageXML for Windows 7 or Windows 8. And if you are using Windows 7 don't forget to enable and use the Native backup options. I have said more than once that you can never have too many backups, or to put it more bluntly, files you don't have backed up in two other locations, are files you don't care about. (That is two locations other than your computer, at least one of these should be physically in another geographic area -- that is why cloud backup is helpful.)




This applies to the question of what to do once you have discovered the infection as well. Cryptography infections such as the ones discussed here CAN encrypt network shares that are mapped as a drive on your computer (assigned a drive letter), but they do not encrypt network shares that are either mapped using a UNC path (\\myserver\myshare) or connected to by using a shortcut.  UPDATE: It was pointed out to me that a new variant of ransomware - CryptoFortress - WILL encrypt network shares that use a UNC path.  See this article (also linked to below in the comments). Thanks to Rob Hoffman for the heads up!  So the only real defense is prevention!


So, the best way to be nice to whoever is taking care of the network share and, at the same time, prevent your files stored on it from being encrypted, is to NOT map it as a drive (assign it a drive letter). Either use the UNC path, or create a shortcut to the drive in question and use that. At this time it behooves me to remind system administrators and anyone else in charge of network shares that the most important part of protecting yourself and everyone who uses the share is to set permissions properly.


Follow the Principle of least privilege. The link will take you to explanations and best practices (if you still need them). In this way, if a user does get infected, only the directories they have write permissions to will be encrypted. If policies are set correctly, either using GPOs or the bulk version of CryptoPrevent, you will have a lot less to worry about. Also, your backup routine should be significantly more robust and incorporate better testing than the ones I have outlined here.




Second, have up to date AV/AM software. This will help but don't count on it. Make sure you have heuristics turned on. You also should look into EMET. EMET (Enhanced Mitigation Experience Toolkit) will help protect you from various malware and should be an integral part of your security setup.




Third, practice safe computing (especially since crypto type trojans use social engineering to get people to download and execute them). That means:


  • Be very suspicious of any link that simply says "Click here." If you can't get the exact link by putting your mouse over the link, use extreme caution!
  • DON'T ever click a link in an email -- if you trust the sender and know their account has not been hacked, type the link directly into your browser's location bar. Even better, maintain a virtual machine with a browser installed for this purpose. In that way, if it is a malicious link, all you need to do is exit the VM and either delete it or restore it to a previous save point. (What is extremely disturbing to me is that many times the subject line in an email is something you are expecting. One common subject that carried an infected payload was "Scan from a Xerox WorkCentre" -- see the most common subject lines that CryptoLocker used in the CryptoLocker guide from BleepingComputer linked to at the end of this article. On finding this out, I immediately changed the message sent to users when they scan a document.)
  • DON'T click links in any document or webpage unless you know exactly where it will take you. Many sites will have multiple download links. Usually the software you are looking for is linked to in smaller type and/or near the bottom of the page. I have seen several reputable sites which use Google AdWords and have ads with large download buttons that look like the download you are looking for; do not be fooled! These tend to download either download helpers you do not need or Browser Helper Objects (BHOs) that purportedly help you download. Either can contain adware and may contain malware. Always look for the real link to the download you are looking for by hovering your mouse over the various download links to see where they will take you.
  • DON'T ever click a shortened URL in Twitter or the like if you do not know the sender or it appears all by itself (such as a shortened link tweeted to you with no explanation -- if I receive one of these I automatically report the tweet as SPAM). You can often see many examples of these on (e.g., @yourname or @yourname Check this out!
  • DON'T visit websites that harbor malware. That being said, know that many websites subscribe to advertising bots that may send out something known as malvertising (malware advertising). You can easily get infected through malvertising on a legitimate site. Use a browser that protects against this, such as one with an adblock plugin or something like Cocoon for Firefox or WOT for Chrome, or, best of all, browse in a virtual machine.
  • DON'T download software from warez sites (illegal sites -- this includes illegal video and audio). I know this sounds restrictive, but weigh it against having all your most important files encrypted and essentially lost forever (think wedding pictures, birthday pics, or if you're like me and keep all your tax documents scanned in and on your computer -- those as well).




Fourth, use a multi-layered approach to security. You may ask, isn't this what everyone advises against? What you need to understand is that advice against using more than one AV solution means don't use more than one solution that ACTIVELY scans your files. Some applications call this on-access scanning. As long as only one application is allowed to do on-access scanning, multiple applications can run on your machine. For instance, on one of my machines I have Malwarebytes Anti Malware Pro with on-access scanning running and Microsoft Security Essentials with on-access scanning turned off (it doesn't like that, but tough). So to best protect your computer I suggest the following:


In terms of CryptoPrevent (free or Premium), the software is built upon the ideas in the post on CryptoLocker at The CryptoPrevent program makes the necessary changes as outlined in the guide at BleepingComputer; the difference is that the program doesn't require the user to deal directly with the registry. It not only locks down execution of programs from certain directories, but also lets you create a whitelist of programs that are okay to run (a whitelist is a list of something that has been approved in some way -- in this case, if your computer is clean, the whitelist contains the names of the programs that AREN'T malware).


This is in comparison to a blacklist, in which you would have to list all the programs you don't want to run (for an example of a blacklist, check out the host file mentioned earlier). A whitelist is not only easier to create and maintain, it is also more likely to protect you. If you use CryptoPrevent to its best advantage, you will add all current applications to a whitelist (assuming your system is clean -- CryptoPrevent is just that, a preventative measure -- it will NOT decrypt files that have been encrypted). The program will prompt you to do this. Note that the free edition does not automatically download definition updates, as stated on the bottom of the CryptoPrevent page. The author of CryptoPrevent has created several videos to show it in action. Just remember that these were made by the author:


CryptoPrevent vs CryptoLocker 2

CryptoPrevent in action

CryptoPrevent 2.01


There is also a silent video here that shows CryptoPrevent installation (latest version) on a Windows 7 64-bit machine. Another tool, released by SurfRight (now owned by Sophos), is CryptoGuard.  It should be noted that this is trialware. The software will scan your computer, tell you what needs to be deleted (you can choose what to do with each entry or take the defaults), and will then delete the various occurrences, at least until the trial runs out. CryptoGuard is more intrusive than CryptoPrevent. They work differently, assuming you are using the free version of CryptoPrevent. CP free makes some basic registry changes and enables and changes local or group security policies. CryptoGuard is more of a monitoring application. Learn more on how CryptoGuard works here.


I can't emphasize enough that CryptoPrevent/CryptoGuard or similar software should be just ONE facet of an overall security plan to prevent any malware infection.


For more general cryptography information (and a more technical bent), check out this article by Giovanni Heward:


User MASQ has an excellent post on CTB-Locker as an answer to a question here.


If you are familiar with security blogs, you will be familiar with Krebs on Security. I highly suggest reading Brian Krebs' articles/posts. At any rate he has a post about how to avoid Cryptolocker here. There is also a good article on the Malwarebytes website. And there is a tool to search for and list encrypted files here (the page is also another excellent reference).


Bev Robb, the person who mentored me into E-E, wrote a great article about ransomware on her security blog: There are some great guides if you need further help located here, here, here or here.


It has been pointed out that this guide may give a good preventative solution. Also, it is worth taking a look at Umbrella by OpenDNS. They have a blog located at  If you are interested you should especially check out this blog on Umbrella:


I have been a subscriber to the Windows Secrets newsletter for over a decade (possibly two), and recently their lead article was about ransomware and how to defend yourself against it. I received permission to link to it - you can read it here. Note that you may have to answer a question before reading the article. The article was written by Susan Bradley, who is a Small Business Server and Security MVP.


User btan pointed me to this page with a bunch of toolkits to help out.  And user Eirman suggested this article in the comments below. The article is about how harmless looking attachments might bring down certain doom. It is a must read. Btan's suggestion is also a must for anyone who has already been bitten.  Another tool for those who have been bitten was pointed out by user btan - check out the locker unlocker tool.

Expert Comment

by: Ajit Singh
The title stated everything.

What a great article! Seriously, I really did enjoy it! Well described.

Simple things you can do to protect against ransomware attacks:

Stay safe and don’t forget the best protection is always a backup.
Expert Comment

by: Kyle Santos
Great article, Thomas.
New style of hardware planning for Microsoft Exchange server.
Expert Comment

by: Andrew Leniart
Hi Abraham, I had to leave for a few days unexpectedly so apologies for the delay in editing. I should be back in the next few days, however if you would like to have it edited sooner, please use the Request Attention option to contact a moderator who may be able to assist. Other than that, I'll get back on it first thing once I've returned.

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP server was unavailable.
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
Author Comment

by: Sunil Chauhan

Expert Comment

by:sankara parameswaran
Still inbox rule executing and did not provide any result. Hope it will complete and some results. We are running for Office365.
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
Author Comment

by: Lisa Hendrickson "CallThatGirl"
Hi Marshal, I use Stellar for converting OST to PST and for PST repairs, sometimes I use Kernel too.

Expert Comment

by:aish smith
Thanks for this great article. I would like to say that I have found another tool on the internet; you should try it once. Here is the link of this tool
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and External URLs the same. IV. Address book download issue.
Expert Comment

by: Senior IT System Engineer
This is a very helpful post, thanks for sharing this great article.





