
Windows Server 2012 Ransomware .Read_Me .Unavailable, all files encrypted


2 replies to this topic

#1 ITmanDan


Posted 05 September 2016 - 08:42 AM

Hi.

 

We've been hit by a ransomware which has encrypted all files on our 2012 server.

 

Every file has the extension ending .unavailable, and every file has a duplicate with the filename.Read_me.

 

I have submitted an encrypted file and have a clean duplicate if needed. We have tried your Malware package, AVG, etc., and it finds nothing.

 

We are desperate to solve this ??

 

If there's anything to decrypt, we tried the Apocalypse and Apocalypsevm, and they didn't work.

 




 


#2 xXToffeeXx


Posted 05 September 2016 - 11:36 AM

Hi ITmanDan,
 
We need the malware file which causes the infection to be able to do anything.
 
Do you have RDP enabled on your server, by any chance?
 
xXToffeeXx~



 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 ITmanDan


Posted 05 September 2016 - 12:00 PM

Hi.

 

Thank you for the reply, we're pulling our hair out here :(

 

We had a network company install it all. It's quite possible; they gave me a remote desktop login for the server. Can I disable it?

 

Would it help at all to do a file recovery on the drives to see if anything has been deleted, or is that pointless? We really need this running again; although I'm totally against terrorists, we are contemplating paying up!





