Unhide Windows Server 2016 Backup Drive following Ransomware Attack


Ken Sheppard

We are running Windows Server 2016 Standard as a single server DC setup. Unfortunately, we got hit with a ransomware attack and were forced to pay the ransom due to backup corruption with the backup drive. The hacker did provide an unlock tool via payment with BTC and the tool does work quite well to unlock our encrypted files. However, there are a few files that I cannot get to unlock but I'm certain those files were protected by the USB backup drive using Windows Server Backup. And as part of the attack, the external USB backup drive was also encrypted. The data and folder structure is all there but cannot be used to restore data. My plan is to use the ransomware unlock tool to decrypt the backup drive and then grab those few files using a restore before I completely rebuild the server from scratch. But with the way Windows Server Backup hides the backup drive, I cannot run the decrypt tool as it must "see" the drive with a drive letter.

Is there a way to unhide the Windows Server Backup drive temporarily so I can run the decrypt process? Also, all of the backup files/folders on the backup drive are protected with the SYSTEM account. I need to tweak the security settings to allow my domain admin account to have read/write access to the backup files/folders so that the decrypt tool has total access.

Thanks for any suggestions.

Ken
