Even high-tech companies with multiple onsite backups are vulnerable. Just yesterday ransomware called Mamba struck a firm in Cologne, Germany. It encrypted the entire disks on their servers and destroyed the contents of their backup USB drives and backup NAS server.
After the attack, the servers rebooted and displayed this message:
Attempting Boot From Hard Drive (C:) To decrypt contact srv123@scryptmail.com enter password:
Since the entire hard drive is encrypted, you don't have many clues as to the variant of ransomware you are dealing with. The chances of finding an effective method of decrypting the drive without the ransomware key are low or non-existent.
This type of attack is especially malicious. At the German firm, it detected external drives and files on networked devices, destroying backup files and encrypting other networked data drives.
Your choices are limited in this situation:
- Restore your data from a cloud backup.
- Restore your data from backup sets on media not connected to your network.
- Pay the ransom and hope that the decryption process works.
Your best protections are recent, complete cloud backups and strong, current antivirus protections.