Was the popup on your laptop of the DC. CRYPTO attacked each mapped drive on the infected device. If it was the DC. That is not good. If it was the laptop, still not good but just wipe and restore.
From: [email protected] [mailto:[email protected]] On Behalf Of D R Sent: Friday, June 12, 2015 2:26 PM To: ntsysadm Subject: [NTSysADM] OT(perhaps) But need direction I am currently onsite working with the IT Admin about a new online ticketing system. Around 12:45pm, I was logged in to the Primary DC via a remote desktop connection from a company provided laptop, wasn't doing a thing, (seriously, I didn't have anything open, had just logged into the server, and I see a window pop-up that looked like a CMD/DOS window, and on the title of that window, in capital letters, it read CRYPTOWALL HAS TAKEN OVER, and then it looks like File Manager screens start popping up and the server starts running to a crawl. I have dealt with this Cryptowall Virus before And the only resolution was to reinstall Windows Server and restore from backup. Is this still the 'fix' for this issue? Or is there something else that can be done. Not in the position to try anything. Just need to know where to go from here so we can help them with this issue. -- Daniel Rodriguez [email protected]<mailto:[email protected]> This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
