Ransomware and 2012 server and .arena encryption

OBHost Member, Host Rep
edited September 2017 in General

One of our clients got hacked by .arena ransomware encryption. What do you guys think, how does it need to be treated?
How to get the data back, as he has some data on it?

.arena extension
Windows 2012 server
ransomware

Comments

  • How much is your client paying LET to provide a resolution to this issue?

    Thanked by 2: Pwner, brueggus
  • OBHost Member, Host Rep

    Here I am only for the resolution, if possible for someone to share.

  • The encrypted data is lost, he has to reinstall the OS & restore from backups.

    In the future, he shouldn't run untrustworthy/malware files on his server.

  • mikho Member, Host Rep

    Restore from backups or pay, he might get something back

    Thanked by 1: PieHasBeenEaten
  • It might be a CryptoMix variant or Crysis/Dharma. Usually spread by RDP hacking. Make sure all network shares have passwords, by the way.

    Have Volume Shadow Copies (VSS) been deleted? You could try and restore from that if you're lucky.

    Otherwise, I'm afraid restoring from backup is the only solution. If your client pays the ransom, there's no guarantee he'll get his data back.

    Thanked by 1: WSS
  • OBHost Member, Host Rep

    @M_Ordinateur said:
    It might be a CryptoMix variant or Crysis/Dharma. Usually spread by RDP hacking. Make sure all network shares have passwords, by the way.

    Have Volume Shadow Copies (VSS) been deleted? You could try and restore from that if you're lucky.

    Otherwise, I'm afraid restoring from backup is the only solution. If your client pays the ransom, there's no guarantee he'll get his data back.

    VSS (Shadow Copies) also deleted, no backup right now.

  • mikho said: or pay

    This specific variant often asks for a 2nd payment, so a payment isn't advised in this specific situation.

  • He's boned.

  • OBHost Member, Host Rep

    Yes, paying them is not a proper solution, as in this case it's not a guarantee that they will give the key to decrypt it after payment.

  • AlexanderM Member, Top Host, Host Rep

    @OBHost said:
    Yes, paying them is not a proper solution, as in this case it's not a guarantee that they will give the key to decrypt it after payment.

    Paying just encourages this type of Malware. If you pay you are a fud - there is little to no chance you will actually get your encrypted files back.

    A

  • OBHost Member, Host Rep

    @AlexanderM said:

    @OBHost said:
    Yes, paying them is not a proper solution, as in this case it's not a guarantee that they will give the key to decrypt it after payment.

    Paying just encourages this type of Malware. If you pay you are a fud - there is little to no chance you will actually get your encrypted files back.

    A

    Hmm right..

    Thanks everyone

  • mikho Member, Host Rep

    In many cases where people paid, not all files were decrypted. Backups are the key. If the customer didn't have backups, he didn't value his files.
