SO, yet another local company has been affected with a Ransomware virus.
This time, it was amnesia strain. Luckily for the client, they had backups and Emsisoft have actually got a decryption tool which works.
It does take some time to decrypt the files, this is because each file is encrypted with a unique key.
The hacker, used a brute force attack, on the standard RDP (Remote Desktop) port (3389).
If you have this port open, and you are running windows server or windows professional which supports remote connection, then make sure you change the default port. It requires a manual registry modification to make the change. Check the FAQ to see how to change the default port number.
