A customer of mine has been hit by a new ransomware. It has encrypted all files on a server (and the linked NAS). File names have been randomly changed, but all end with the same suffix. For example: 6RzAIkze-QII38GEd.[RestorFile@tutanota.com]
A ransom note called #Decrypt_Files_ReadMe#.rtf was saved on the Desktop of the active account.
I tried to upload files to ID Ransomware but it answered that this variant is unknown. So I opened this topic.
It seems that the hacker forced an RDP connection...
Any feedback would be appreciated.
Please let me know if I must share encrypted files for study purposes.