
Microsoft Server 2003 data encryption over big file

No replies to this topic

#1 Wallak



Posted 28 July 2015 - 01:45 PM

We've found (at some customers) a new wave of attacks on non-protected or up to date Microsoft Server 2003 machines (even though there is no kind of support for it nowadays).


We think this attack and encryption has some actions similar to what appeared to be spreading in 2014, but ...


Ok, the information:


Two servers, both with Microsoft Server 2003 and remote access not secured (weak password).


The first server lost all data, and after the attack there appears only a big file named BACKUP (> 10GB) and the text (Russian pirate) asking for 3000€ to recover the data by sending an email to a 'mail.ru' address with the IP as reference (curious).


The second server, which performs the data backup over a NAS, lost all its data and also that of the NAS (which it was linked to); TWO big files named BACKUP-1 and BACKUP-2 appeared, also, theoretically, encrypted.


It seems they made some kind of encrypted wallet (as in old times) and put all the data inside, just moving it (so, no way to look for deleted data).


We cannot send more info at the moment; we only have the big files and nothing more, a plain text with short instructions on what to do.


Any idea? We think this new wave of attacks responds to an old vulnerability not covered or repaired, so now the damage is done and we would like to know if there is some kind of hope for these customers or the new ones that will soon appear.


Thanks for reading.



Wallak (aka Alik)

My name is Alik


IT Specialist, SPAIN



