Recently had a non-managed client hit by the LeChiffre Ransomware which encrypted their entire data share on the Windows Small Business Server 2008 that they have been using for some time. Here is what the virus left in every folder along with adding the word LeChiffre (aka encrypt) to the end of all files:
This company was at least partially protected – even though they made the cardinal mistake of not having anti-virus on the server, they did have recent backups that were usable. Used the backup to restore the files that were effected by the virus and everything seemed good for a couple weeks until they realized that the backup set was incomplete and didn’t include some vital files related to their website. Found and used the LeChiffre Decryptor from Emisoft to try and recover the remaining files from the server, but ended up having mixed results. They were able to open GIF and PNG files but DOC and PDF files were hopelessly corrupted.
This infection of the LeChiffre Ransomware is just another lesson to those who think that their systems are just fine. Please take the time to contact us for a free security evaluation, so that a proper plan can be put in place to protect vital company documents from being lost to situations like these.