I’m helping someone who came to me in panic. Their Server 2008 R2 Standard got hit with CryptoLocker and a demand note is present, as usual.
Stupidest thing is that their backup is a WD external drive connected to the server. Obviously that’s also gone.
They negotiated with the “guy” and agreed to pay bitcoin and got their decryptor app. Turns out they have a virtual machine they RDP to, which also got infected, and the decryptor that was sent to them won’t work, because the key is different.
Now the situation is that the “guy” will be pissed and demand more money, likely many times more.
What would anyone here recommend as appropriate action, because now I’ve been called in to help and I’ve agreed to assess the situation...