Shut it down; the longer it's on, the more files it's going to encrypt.

Hopefully it's just a DC and not a file server.

If nothing is needed from the server, wipe and reinstall.

Then the fun begins, finding what computer is the source.


Date: Fri, 12 Jun 2015 13:34:52 -0500
Subject: Re: [NTSysADM] OT(perhaps) But need direction
From: drod...@gmail.com
To: ntsys...@lists.myitforum.com

Oops?!?
What do you mean 'Oops'!?!
Nothing good comes after 'Oops'!
On the DC Server.
On Fri, Jun 12, 2015 at 1:31 PM, David McSpadden <dav...@imcu.com> wrote:

Was the popup on your laptop or the DC?
CRYPTO attacked each mapped drive on the infected device.
If it was the DC, that is not good.
If it was the laptop, still not good but just wipe and restore.
 
 
From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On Behalf Of D R
Sent: Friday, June 12, 2015 2:26 PM
To: ntsysadm
Subject: [NTSysADM] OT(perhaps) But need direction

I am currently onsite working with the IT Admin about a new online ticketing system.

Around 12:45pm, I was logged in to the Primary DC via a remote desktop connection from a company provided laptop, wasn't doing a thing (seriously, I didn't have anything open, had just logged into the server), and I see a window pop up that looked like a CMD/DOS window, and on the title of that window, in capital letters, it read CRYPTOWALL HAS TAKEN OVER, and then it looks like File Manager screens start popping up and the server starts running to a crawl.

I have dealt with this Cryptowall Virus before, and the only resolution was to reinstall Windows Server and restore from backup.

Is this still the 'fix' for this issue? Or is there something else that can be done?

Not in the position to try anything. Just need to know where to go from here so we can help them with this issue.

-- 
Daniel Rodriguez
drod...@gmail.com








-- 
Daniel Rodriguez
drod...@gmail.com

                                          
