Are you seeing files with any of these extensions in your server? – .01, .02, .amnesia, .[Help244@Ya.RU].LOCKED, .CRYPTOBOSS, .[byd@india.com].SON and .@decrypt_2017. If so, then your server is hijacked.

One of the major ransomware virus that is circulating now is the Amnesia malware. Once infected, it locks up your entire server files and encrypts them in such a way that you can no longer use them.

The attackers then demand ransom to decrypt your data. The infected server would display the message:

YOUR FILES ARE ENCRYPTED!

Your personal ID:

[*************]

Attention! What happened?

Your documents, databases and other important data has been encrypted.

If you want to restore files send an email to: s1an1er111@protonmail.com

In a letter to indicate your personal identifier (see in the beginning of this document).

Attention!

* Do not attempt to remove the program or run the anti-virus tools.

* Attempts to self-decrypting files will result in the loss of your data.

* Decoders are not compatible with other users of your data, because each user's unique encryption key.

Today we’ll see how Amnesia malware can affect your servers and how you can protect them from an attack.

See how we help web hosting companies

How Amnesia malware affects your Windows servers

Amnesia malware is a ransomware virus family that targets system files and encrypts them using AES-256 algorithm in ECB mode. It targets via RDP (remote desktop services), access the victim server and execute the malware.

The amnesia ransomware loads itself into the system’s memory and then encrypts all the files and rename them instantly. Then it generates a ransom note  and displays it in the server.

It also gains information about the server details, data, approximate geographic location, IP address and unique decryption key before doing the encryption process. It affects all critical files and appends ‘.amnesia’ string to these files.

Once encrypted by the amnesia malware, the files will no longer be readable and may show up as blank icons. It also deletes the server’s recovery points so shadow copies cannot be used to recover the files once encrypted.

Though the malware displays a ransom note for you to get back your files, paying ransom and expecting the files to be returned to you, is the last thing you should be doing.

How to protect your Windows servers from Amnesia malware ransomware

When the Amnesia malware encrypts your files, it may not be possible to decrypt them without the use of the decryption key. A combination of the AES and RSA encryption is used to take over the victims’ files.

If your servers are running insecure and outdated Microsoft Windows Server 2003 or Windows Server 2008 OS, and other vulnerable or outdated versions, then you are at risk.

To protect your servers, it is important to perform these security measures:

1. Always keep the latest backups of your servers in a secure location, inorder to retrieve and restore them without much downtime.
2. Configure a reliable anti-virus security program in the server that is fully up-to-date and capable of intercepting the Amnesia malware and other such threats.
3. Keep the server software and OS updated with all the relevant security patches, without any delay.
4. If you are already attacked, you need to reinstall the server and restore your server data from this confidential backup.
5. Mail servers should be secured and all outgoing and incoming emails should be scanned for malicious attachments or viruses.
6. Secure the server files, ports and network to protect it from hackers and regularly audit the servers and network for any vulnerabilities.
7. All software downloads should be monitored and controlled to prevent users from installing malicious scripts in the server.
8. Use strong spam-filtering techniques to prevent inbound spamming and methods to avoid email spoofing.

[ You don’t have to lose your sleep to keep your servers secure. Our Hosting Support Specialists are online 24/7/365 to save your servers. ]

How can we help secure your Windows servers

At Bobcares, our security experts help secure servers for web hosts by updating them with the latest security patches and hardening the network and services.

With our regular top-down security audits and multi-layered security defenses, we enable our customers’ servers to stay impenetrable against any new threats or vulnerabilities.

Some of the security measures that our 24/7 server specialists perform in our customers’ Windows servers to protect them from attacks, include:

1. Maintaining the Windows server software and applications updated with the latest security patches.
2. Disabling email spoofing with the help of RDNS (Reverse DNS), Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) tools for domains.
3. Monitoring the server logs and processes 24/7 for any suspicious activity and taking prompt corrective actions.
4. Restricting user privileges and application permissions to block unwanted binaries from messing up the server.
5. Deploying web and email filters to scan and block suspicious domains and email attachments from reaching the server.
6. Configuring the latest anti-virus and other malware scanning tools that can identify and block malicious scripts.
7. Setting up a fool-proof backup policy for critical server data and regularly validate the data integrity.
8. Enabling data encryption for all critical services and securing web browsers with appropriate content controls.
9. Securing the server using firewalls, disabling unwanted ports and protocols and segregating network into security zones.
10. Conducting periodic security audits and Vulnerability Assessment and Penetration Testing (VAPT) to detect any exploits.

Much like how a fort is secured by a moat, canons, archers and steep walls, effective server security can be ensured only with multiple layers of defenses.

[ You don’t have to lose your sleep over your server security. Our server specialists secure your servers in no time. ]

At Bobcares, our 24/7 server specialists constantly monitor all the services in the server and proactively audit the server for any errors or corruption in them.

With our systematic debugging approach for service or other software errors, we have been able to provide an exciting support experience to the customers.

If you would like to know how to avoid downtime for your customers due to errors or other service failures, we would be happy to talk to you.