Hi Guys and Gals
I have a client who has had a server compromised on Christmas Day. I am unsure how it managed to get UAC access to the server because RDP has security rights and a previous ransomware (August 2015) was limited to a workstation only (share was recovered from backup).
The server seems to have been drive encrypted (RAID 0) similar to TrueCrypt/BitLocker.
The server backup was on two external USB drives - as backup storage they do not show up in Windows Explorer. Now one is showing blank and one is showing RAW on another computer. I have run a 'repair' but cannot pick any system images which it should have.
I cannot locate this ransomware on ID Ransomware, I think the closest thing might be Petya.
The hackers printed out 250 copies on the printer of the following:
Also, this is the screenshot at boot:
On replying to them the amount has increased to 9 bitcoins.
Appreciate any help and I'm game if any further info is required.
Embarrassed and Angry