Comments
How much is your client paying LET to provide a resolution to this issue?
Here I am only for the resolution, if possible for someone to share.
The encrypted data is lost, he has to reinstall the OS & restore from backups.
In the future, he shouldn't run untrustworthy/malware files on his server.
Restore from backups or pay, he might get something back.
It might be a CryptoMix variant or Crysis/Dharma. Usually spread by RDP hacking. Make sure all network shares have passwords, by the way.
Have Volume Shadow Copies (VSS) been deleted? You could try and restore from that if you're lucky.
Otherwise, I'm afraid restoring from backup is the only solution. If your client pays the ransom, there's no guarantee he'll get his data back.
VSS (Shadow Copies) also deleted, no backup right now.
This specific variant often asks for a 2nd payment, so a payment isn't advised in this specific situation.
He's boned.
Yes, paying them is not a proper solution, as in this case it's not a guarantee that they will give the key to decrypt it after payment.
Paying just encourages this type of Malware. If you pay you are a fud - there is little to no chance you will actually get your encrypted files back.
A
Hmm right..
Thanks everyone
In many cases where people paid, not all files were decrypted. Backups are the key. If the customer didn't have backups, he didn't value his files.