one of my server is been attacked by .gogoogle ranswomware, machine is windows server 2008r2. Anyone can help regarding this by any chance??
I am not familiar with that specific family but in general, if ransomware has run on your system the choices are:
- Restore from backups if you have them
- Pay the ransom and hope they unlock the data (not always the case)
- Burn the system and restart
There isn’t an easy decision.
Although it might not seem pleasant, you also need to look into how the ransomware was able to exploit the server. At a guess, I’d say this means either someone was using the server as their personal system (checked email, visited websites) or there is an externally facing exploitable vulnerability. Whatever the cause, you need to try and identify this and prevent it happening again.
If it is 2008r2, it’s worth considering option 3 - the OS has been out of extended support for 3 months.
@TazWake thank you very much for detailed answer. We have to give up as none of the backup option was in olace unfortunately, we have build new server on 2019. Thanks though.