Hello all and I am glad to be a new member to this site.
I had my Small Business Server 2011 attacked by ransomware, however at first we thought that the server had some sort of other failure as it was hung. After a reboot, the server still did not boot. We then utilized the MS repair disk, in which the repair disk was not able to repair the system, then we rebuilt all of the windows 2008R2 server files and then, it booted up. At that point we realized all of files were encrypted with some sort of ransomware. All of the file directories had a ransom note attached. We believe it is Xorist. We loaded an anti-malware and it appears that the virus was destroyed from the server rebuild. Apparently the backup is also infected.
Edited by hamluis, 09 February 2017 - 12:55 PM.
Moved from Win Server to Ransomware - Hamluis.