got osiris hack .. 3bt to unlock.. any other way?

larciel

Diamond Member
May 23, 2001
4,590
8
81
employee clicked a zip file

his workstation and whole server files are now locked, redacted wants 3 bitcoin to unlock.. any other way?

*why did only his and the server get locked and not other workstations in the LAN?

Profanity is not allowed in the technical forums,
Markfw
Anandtech Moderator
 

lxskllr

No Lifer
Nov 30, 2004
57,659
7,892
126
I'm guessing he didn't have permission to access the other machines, and the encryption ran with his permissions.
 

larciel

Diamond Member
May 23, 2001
4,590
8
81
it just scans for all drive letters and encrypts the files.. I had mapped server folder on the desktop and that's why it was infected.

major F&CK
 

Fardringle

Diamond Member
Oct 23, 2000
9,190
755
126
Wipe the encrypted drive(s) and restore from backup. You do have a backup for the server, right?
 

larciel

Diamond Member
May 23, 2001
4,590
8
81
Lol. If I had backup I wouldn't be posting here. Anyways I decided to not pay. I'll just start new.

Sent from my LG-H918 using Tapatalk
 

Fardringle

Diamond Member
Oct 23, 2000
9,190
755
126
Plenty of places have insufficient disaster recovery plans (or none at all). Please use this as an incentive to put one together for your company! Something that can be taken off site (removable drives/tapes or online/remote backup) is my preferred option so you won't lose everything in case of fire or other loss of property. If possible, use two different options for business critical files since backups sometimes fail as well.
 

larciel

Diamond Member
May 23, 2001
4,590
8
81
hard drives are really cheap.

nas's are cheap too.

what's your excuse?
No excuse. I'll certainly stay up all night to start from scratch. That's for my laziness to back up.

I'll be optimistic that lost files weren't that important. But then if it was, I'd have backed up sooner. Lol



 

Elixer

Lifer
May 7, 2002
10,376
762
126
Even if you did pay, 70% don't get their data back from a recent survey.
I would revoke that person's privileges until they understand that they could have fubared the whole company's servers.

It isn't only about backups, it is about education. Heck, it is also possible that there was more to that program besides encryption, like installing backdoors, or using your machines as a DDoS bot.

I would strongly look at the firewall's logs for any out of the ordinary IPs, and see how much data has been transferred, and compare it to similar days.
I would also strongly think about reinstalling the OS as well, unless you are darn sure the infection only hit that one machine.

BTW, there are companies out there that have decryptors for free, depending on which malware it is.
 
Reactions: russ6150
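Added example, not part of any post in this thread: a minimal sketch of the firewall log review suggested in the post above, flagging destinations not seen on earlier days and a day whose outbound volume is well above the earlier-day average. The four-column log layout, the sample lines, the 3x threshold and the use of all earlier days as the baseline are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample: date, internal source, external destination, bytes sent out.
# The column layout is an assumption; adapt parse() to your firewall's export.
SAMPLE_LOG = """\
2017-03-06 10.0.0.21 203.0.113.10 48000
2017-03-07 10.0.0.21 203.0.113.10 52000
2017-03-08 10.0.0.21 203.0.113.10 50000
2017-03-08 10.0.0.30 198.51.100.7 9000
2017-03-09 10.0.0.21 203.0.113.10 51000
2017-03-09 10.0.0.21 192.0.2.99 730000
2017-03-09 10.0.0.21 malformed-line
"""

def parse(text):
    """Yield (day, src, dst, bytes_out); skip lines that do not fit the layout."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        yield parts[0], parts[1], parts[2], int(parts[3])

def review_day(text, day, factor=3.0):
    """Compare one day with all earlier days in the log."""
    per_day = defaultdict(int)      # day -> total outbound bytes
    known = set()                   # destinations seen before `day`
    today = defaultdict(int)        # (src, dst) -> bytes sent on `day`
    for d, src, dst, nbytes in parse(text):
        per_day[d] += nbytes
        if d < day:                 # ISO dates sort correctly as strings
            known.add(dst)
        elif d == day:
            today[(src, dst)] += nbytes
    earlier = [v for d, v in per_day.items() if d < day]
    baseline = mean(earlier) if earlier else 0
    return {
        "baseline_bytes": baseline,
        "day_bytes": per_day.get(day, 0),
        "volume_alert": bool(earlier) and per_day.get(day, 0) > factor * baseline,
        "new_destinations": sorted(
            (src, dst, n) for (src, dst), n in today.items() if dst not in known),
    }

if __name__ == "__main__":
    print(review_day(SAMPLE_LOG, "2017-03-09"))
```

A new destination on its own is common on a normal day; it is the combination with a volume jump from the same internal host that is worth following up.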