ACCDFISA malware family: Files encrypted for ransom

Ransomware 2.0

What a way to start your Monday morning. If anyone can help, or has had the displeasure of having this happen to them, please feel free to help.

Upon logging into the Server 2003 Standard Server, I was greeted with an Anti Child Porn 2.0 Ransomware screen.

You can do absolutely nothing to get rid of this. It seems as though a hacker used the default port of 3389 for RDP access and then used a brute force attack to get onto the server.

Once in, he has password encrypted all of my client's data. The latest backup I have was 2 months ago - which my client will not be happy about.

The hacker then goes on to say that we must pay $5000 for him to send me the password to view the files.

I've spent the last 10 hours trying to get data restored as soon as possible.

If there is anyone else who has been affected by this please can you comment or reply.

PS: it's Ransomware 2.0, so all of the other decrypters from Panda or Dr Web will not work anymore with the new version of the virus.

Many thanks in advance
 
Won't Panda or Dr Web come out with a new decrypter? Sounds bloody terrifying though, why did the client wait so long to do a backup? What would he have done if the server was stolen?
 
Why were passwords brute-forceable, and why was port 3389 open to the internet? :P
 
Do you have another description (name or anything else) for the ransomware? Microsoft suggests you do not pay the author.

Perhaps give AVG SA or Norton SA a call.

What AV do you have installed?
 
Any other companies got their servers hacked?

We know of 5 different companies, managed by different IT companies who got their servers hacked, data encrypted and ransom asked to decrypt the data.

We are trying to see how widespread this is, anyone with any info please post here.
 
Ouch!! No VPN??? Why did the IT Companies allow RDP on a public address?

No idea, we just supply software for them. 3 of the companies are our clients, and only 2 have backups. These are already back up and running, not sure what the other one is going to do.

Even if they pay the money, how do they know they are going to get their data decrypted?
 
This is a very stupid question but... do you have an antivirus installed?
 