Protecting small firms from computer disasters

Onsite Backups Are Not Enough


Even high-tech companies with multiple onsite backups are vulnerable. Just yesterday, ransomware called Mamba struck a firm in Cologne, Germany. It encrypted the entire disks on the firm's servers and destroyed the contents of its backup USB drives and backup NAS server.

After the attack, the servers rebooted and displayed this message:

 

Attempting Boot From Hard Drive (C:) To decrypt contact srv123@scryptmail.com enter password:

Since the entire hard drive is encrypted, you don't have many clues as to the variant of ransomware you are dealing with. The chances of finding an effective method of decrypting the drive without the ransomware key are low or non-existent.

This type of attack is especially malicious. At the German firm, the ransomware detected external drives and files on networked devices, destroying backup files and encrypting other networked data drives.

Your choices are limited in this situation:

  1. Restore your data from a cloud backup. 
  2. Restore your data from backup sets on media not connected to your network. 
  3. Pay the ransom and hope that the decryption process works.

To pay the ransom, you correspond via email with the thieves. They use an anonymous email service such as scryptmail.com. The email company needs to keep the attackers' accounts active even after reports of illegal activity; otherwise, victims would not have the option of getting out of a terrible situation by paying the ransom.

Your best protections are recent, complete cloud backups and strong, current antivirus protections.

