My dedicated server have been hit by WannaDecryptor but i've done nothing that could have leaded to an infection of it, how is it possible ?
(and by nothing, I mean litterally nothing, It was on a standby since 3 days, I've connected via the windows remote desktop sooner today and tonight I was infected)
Which Server OS version do you use? If it's Server 2008, it's probable that you haven't used Windows Update to fix the critical exploit that was deployed back in March to fix this. I'm guilty of this also - but I can't seem to find which KB fixes this exploit.
So how do we go about decrypting our files after the virus is removed? It seems like it's the same variation of the old Ransom:Win32.Vigorf.A. All anti-viruses and threads I have seen tell you just how to remove the virus, but has anyone managed to decrypt their files? Also which KB update fixes this exploit? It seems to only affect Windows 7/2008 machines (and probably XP too).
Downloading windows 10 iso, will try to catch the virus on VM, because can't find virus example in Google)
You probably won't be able to catch the virus on anything newer than Server 2012/2016 or Windows 8/10, it only seems to be hitting older operating systems where the exploit isn't fixed due to lack of Windows Updates (correct me if I'm wrong).
I do have the virus archived though, I can share it with you if you wish, if it's not against the forum's rules.
Yes I was... Hope there will be a solution to decrypt, do you think it will be released to the public if the NHS resolve the crypted problem ?