Hi all,
I have a server running Windows 2003 that has been infected with ransomware.
The ransomware ID tool did not come up with any ID.
It does seem to be an encrypting ransomware that has overwritten the master boot record.
Windows boots for a second, but immediately goes to the ransom screen.
I cannot go any further. Maybe I could take out the hard drive and try to access it somehow, but I have no experience in booting hard drives.
The attacker gives email address kotypot@inbox.lv and demands 350 USD in bitcoin
I have ordered bitcoin to my account and waiting for it to clear in case I must go with the last-ditch option of paying up.
I am not sure what to do. Any advice is greatly appreciated.
I took a photo of the ransom screen: https://drive.google.com/open?id=1dswuYT1AXYcXH_eMAYKhOWWaXed_d38s
Edited by helpwithransomware, 07 December 2017 - 11:42 AM.