How to restore server after Ransomware attack?

in General
Hello guys, can any server experts suggest what can be done in these situations to restore the site?
Comments
Backups, but they are rare in such cases.
There is nothing much you can do now if it is a new ransomware. My suggestion is as follows:
1) Complete backup of your server in another machine
2) Wait until someone finds the decryption key
At least you still have a chance to retrieve the data back a few months to years later. Don't just format it without backup thinking it is impossible.
Moreover, most ransomware only encrypts the first X% of the files. If some of your files are raw (text files, logs, raw images...), you can still retrieve part of the data.
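The partial-encryption point in the comment above, as an added example that is not part of the original thread: a per-block entropy scan that finds where the encrypted head of a raw file ends so the intact tail can be copied out. The block size, the 7.5 bits/byte threshold, all function names and the sample file are assumptions constructed for this illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096          # analysis granularity in bytes (assumed)
HIGH_ENTROPY = 7.5    # bits per byte; assumed cut-off for "looks encrypted"

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def first_plaintext_offset(data: bytes, block: int = BLOCK):
    """Offset just past the last high-entropy block, or None if nothing
    readable follows. 0 means no block looked encrypted at all."""
    last_high = -1
    for i, off in enumerate(range(0, len(data), block)):
        if shannon_entropy(data[off:off + block]) >= HIGH_ENTROPY:
            last_high = i
    start = (last_high + 1) * block
    return start if start < len(data) else None

def salvage_tail(data: bytes) -> bytes:
    """Return the bytes after the encrypted region (empty if none)."""
    off = first_plaintext_offset(data)
    return b"" if off is None else data[off:]

def pseudo_random(nbytes: int) -> bytes:
    """Deterministic high-entropy filler standing in for ciphertext."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                   for i in range(nbytes // 32 + 1))
    return out[:nbytes]

def build_constructed_sample() -> bytes:
    """Constructed test file: 3 'encrypted' blocks, then an intact log tail."""
    log = "\n".join(
        f"2024-01-01 00:00:{i % 60:02d} host sshd[{1000 + i}]: session opened for user demo"
        for i in range(200)
    ).encode()
    return pseudo_random(3 * BLOCK) + log

if __name__ == "__main__":
    sample = build_constructed_sample()
    print("readable data starts at offset", first_plaintext_offset(sample))
    print(salvage_tail(sample)[:60].decode())
```

Run it against a copy of the backed-up files, never the only copy. Compressed or already-encrypted formats (zip, JPEG, database dumps with compression) are high-entropy throughout, so only raw files like the ones the comment lists will show a readable tail.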
Join Nigh sect.
Or just format to FAT32.
Is this a local server or in a datacenter? Consult with your provider if it's hosted. Hope you have backups!
I would post on LET and ask there. That is what all professionals do.
I believe OP is building a knowledge base based on replies on LET. I know some dude (that got banned before) was doing it.
I think you are right. Either that or OP is offering server support(z) to clients and asking for a friend
Welcome back mate
People generally run a business on a subject they are well versed in.
Hosting industry seems to be the opposite.
I think it's due to hosting businesses being quite easy businesses to set up; it's only when there's an issue that needs fixing that the near-zero experience of the owner becomes apparent.
And yet they still didn't fix their login page...
@teamacc
I once tagged @teamaccc so frequently that he gave me a warning.
Good old times.
The OP doesn't care.
It's easier for them to start meaningless threads on LET than to fix their login page.
If they don't care about what the mods say... @deank
This was on his last thread
The end is nigh.
It is simpler than what you think, just pay the hacker the ransom.
And then get ransomed a few days later again.
But why? He runs a ‘24/7 emergency hotline’ that fixes these exact problems.
I think @Amitz was being sarcastic
I think @doghouch was being sarcastic too
Maybe I was being sarcastic too
In that case, I was being sarcastic too
lol I think we have some recursive sarcasm going on here..
I think I stack overflowed from sarcasm.
Use two fingers first.
You don't.
Nuke the filesystem and boot sector from Orbit. Then, restore from backups onto a secured fresh OS install.
Sorry to say this, but if you have to learn this lesson, make sure you don't learn it more than once.
I keep my TempleOS images on a ReiserFS partition.