The ransomware virus destroyed the files in the SYSVOl and NETLOGON folders on all CDs, who can advise in this case?

K

kinderya2020-05-13 23:19:04

Active Directory

kinderya, 2020-05-13 23:19:04

There are 3 domain controllers. The ransomware virus (.harma) penetrated one of them and encrypted the SYSVOl and NETLOGON folders, and later, during replication, penetrated the rest. Perhaps someone can suggest a solution to the problem.
The sysvol and netlogon folders raised from the shadow copy can help

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

D

Dmitry Shitskov, 2020-05-13
@kinderya

No backups or VSS snapshots

I'm afraid that's all.

A

Artem @Jump, 2020-05-14
Tag

who can advise in this case?

Use this situation as a visual aid about the benefits of backups, setting access rights and the harm of working under the administrator.

C

CityCat4, 2020-05-14
@CityCat4

I would advise something, but I'm afraid the author may follow my advice literally ...
If I were your director, I would pay the extortionist (if there is a contact there, because many cryptographers are made by shkolota and there is not even soap there) - and then I would withhold this the amount of your salary :)

A

Armenian Radio, 2020-05-14
@gbg

Change gender, move to Mexico

M

Maxim Yaroshevich, 2020-05-14
@YMax

Run... throw away your phone and run... Make backups at your new job.