Restore from backup or pay the ransom, that is pretty much your two options. Any of these nonsense fixits are nonsense. A couple variants have cracked encryption, but very few are in the wild.
Suspect anything on you're network and anything that has been on your network in the last 6 months. Suspect your backups too. Policy lock USB down. We dealt with this a few years ago at a health department, traced it to a mobile health care laptop, every share root and every USB drive that had been connected had the autorun. Locked down usb, took the server offline and pulled the bad data off. The laptop never made it to ransom stage, but a workstation did. Didn't bother messing with it, pulled it off the network and wiped it. Fyi, shadow copies are your friend, however most variants disable it On Sep 30, 2016 12:41 AM, "Nate Burke" <[email protected]> wrote: Sorry, no tips to help you clean it, but how did the machine get infected? Rogue Webpage, unauthorized software? Did the user run a program they weren't supposed to? On 9/30/2016 12:14 AM, Travis Johnson wrote: > Hi, > > One of our office computers was just infected with "ransomware". It has > encrypted all the files on that computer, plus many files on a server that > computer was connected to. > > Any ideas or suggestions on the best way to try and fix/remove this crap > and unencrypt all the files? > > Travis >
