My office was hit by this exact same kind of attack. It came in through RDP over a nonstandard port. Started encrypting a multi-terabyte network share before I physically pulled the plug. Luckily had a backup from 24h before. Lesson: RDP exposed anywhere on the internet is NEVER safe. All covered with VPN and IP restrictions now.
Sigh.

Scott

On Wednesday, July 18, 2018, lopaka polena <lopa...@gmail.com> wrote:

> I do use RDP frequently but never through default ports. Bummer there's no way to fix it without paying and no guarantee even if you pay. I still do hardcopy backups onto blu-ray discs at times because I can't afford to lose certain things to NAS failure or malware
>
> lopaka
>
> On Wed, Jul 18, 2018 at 5:14 PM, Thane K. Sherrington <th...@computerconnectionltd.com> wrote:
>
> > There are a whole bunch of free decryptors available, but not for this variant. Basically, when the criminal group gets taken down, often they get the key and then the AV company makes a freeware program for people. Very nice of them.
> >
> > Some useful pages I've found during this mess:
> >
> > https://id-ransomware.malwarehunterteam.com/index.php
> >
> > https://heimdalsecurity.com/blog/ransomware-decryption-tools/
> >
> > T
> >
> > On 18-Jul-18 6:50 PM, lopaka polena wrote:
> >
> >> https://support.kaspersky.com/viruses/utility
> >>
> >> Never tried any of these but did read an article where they tested some of these and were able to recover some users' files
> >>
> >> lopaka
> >>
> >> On Wed, Jul 18, 2018 at 2:30 PM, Winterlight <winterli...@winterlight.org> wrote:
> >>
> >>>> 1)Does anyone know if the ransomware encryption encrypts the file to a new file, then deletes the old one (giving me the possibility of deleted file recovery)? If so, what software is recommended for a Windows NTFS system (so far, Recuva and R-Studio have found squat).
> >>>
> >>> I am surprised it encrypted the entire drive. Everything I have read, or been told, it involved the user files. I have never heard of a single instance where the victim was able to recover their files without the key. I have read about people who pay up but still don't get the key, which didn't surprise me. Even large companies, hospitals, and government agencies have been unable to overcome this, and usually pay up. I bet a lot of IT employees lose their jobs over being so unprepared to deal with this.
> >>>
> >>>> 2)If he decides to pay the ransom and take his chances, what are legit sites to purchase bitcoin (never done that before)?
> >>>
> >>> I have read that the ransom note often tells the victim how to go about getting and transferring bitcoin. Which makes a lot of sense given that bitcoin is so esoteric and most of the victims are naive about basic PC stuff. I have also heard of bitcoin machines in places like NYC. There are legit banking sites online to do this... I would Google it. I understand that I think it is Citibank that now deals with bitcoin.
> >>>
> >>> Sorry I don't have the answers you are looking for and too bad they can't put these criminals in prison.... for a very long time.