Ok folks: I have never seen a Virus, Ransomware or Malware attack that I could not find here till now. “.keepcalm”
A friend of mine has been nailed with this thing while he was gone over the weekend.
It only attacked his Server 2012 SR2 and VMs. The odd part is, it did not encrypt everything, just some files.
He was running ClamWin and Sentinel. Oddly it removed both of them without a trace.
Also? The malware screen that pops up says nothing about payment for decryption.
All files that were hit were renamed .keepcalm
We have tested the renamed files to see if it just did a mass rename? No go, you rename the extension and the file blows up talking about encryption.
The only thing we can find is listed here...
I do not like the idea that this ransomware is not listed anywhere I could find on Google, or Bleeping Computers! Also.. Once on the page all it advertises is the company that wants to "Scan for free" then charge you to remove it. The company?
All seems to me to be really fishy..
OH! and you can install anything you want and run it.. The network was unaffected only the server!
What have we tried, other than what I listed above?
Malwarebytes and a list of other Antivirus, Malware, Spyware and Ransomware testers.. they ALL show the system is clear.
We are truly open to any thoughts.