Hungnd

My server is attacked by ransomware and I couldn't decrypt


I was also infected with the same ransomware. We have a Server 2008 R2 and the ransomware is Xorist.

Check the screenshot here: http://prntscr.com/f7py29

I downloaded the decryptor, but it says this: http://prntscr.com/f7pyx3

I added the 2 files and it is still the same, but now I reset the server and now the server is locked. When I reboot, it shows the text file with the info to pay the ransomware.

Under the "HOW TO DECRYPT FILES", here is the info:

 

************************************************************
SYSTEM DAMAGED! FILES WILL BE DELETED!
URGENT ATTENTION!
************************************************************
To restore your files and access them, you need to pay 6 bitcoins
Bitcoins have to be sent to this address: 14HNKK5uJeZ2rt96Pi9K2U6jbpCWyRrz5M
After payment contact us to receive your password key.
Contact Email : [email protected]
With subject (Personal ID) : error66733200124
In order to purchase Bitcions you can use :
www.coinbase.com
www.localbitcoin.com
============================================================
IMPORTANT! IF YOU DON'T PAY IN MAXIM 24 HOURS ALL YOUR FILES
WILL BE PERMANENTLY DELETED!!!

=============================================================

 

Is there a way that I can scan the server offline or something like that? I'm able to restore my files from the backup. This one also removed the shadow copies.

Any help will be appreciated.

 

Thanks 


There's an active discussion of Xorist here at BleepingComputer. It looks like running the wrong decryptor messes with some of the encrypted files? Maybe you'll understand better.

And if you have backups, that's great. I am definitely no expert, but I would back up the encrypted files just in case and leave them offline. Then do a complete wipe and install R8 again. Then see if you can restore from backup.

There's Emsisoft Emergency Kit here which has a command-line scanner. So if you can do Startup Recovery and get into DOS mode, you should be able to run this tool from a USB stick... I think. Good luck.
