I’ll try my best to dissect what’s going on after seeing a thread pop up (http://mpsocial.com/t/i-had-backup-files-but-it-has-aes-ni-0day-how-can-i-remove/11548) about the AES-NI 0day encryption ransomware.
I found this piece of news, a few Reddit threads, and ongoing reports of it affecting top servers.
The TL;DR: your server may be hacked by this ransomware.
What can you do? I’m still trying to find information.
The link below was sourced from Reddit; I’m not entirely sure of its legitimacy or its capabilities. They do have a legit Twitter account: https://twitter.com/malwrhunterteam
Use at your own discretion
Apparently the link below identifies the ransomware, but it probably does not decrypt the files for you. I don’t have any files to test with.
ID Ransomware is a free website that helps victims identify what ransomware may have encrypted their files. The site is able to identify over 300 ransomware families by specific filename extensions and patterns, ransom note names, known hex patterns, email addresses, Bitcoin addresses, and more. If a ransomware is identified, ID Ransomware will give the victim a distinct status on whether it is known to be decryptable or not, and will provide a link to a credible source for more information.
How can you protect yourself from future exploits?
- Always update Windows to the latest version
- Use a continuous sync backup like Dropbox, Google Drive, or MEGAsync