
How to protect your servers against Amnesia malware attacks


Are you seeing files with any of these extensions on your server: .01, .02, .amnesia, .[Help244@Ya.RU].LOCKED, .CRYPTOBOSS, .[byd@india.com].SON or .@decrypt_2017? If so, your server has been hijacked.

One of the major ransomware families circulating now is the Amnesia malware. Once it infects a server, it locks up all of the server's files and encrypts them in such a way that you can no longer use them.


The attackers then demand ransom to decrypt your data. The infected server would display the message:

YOUR FILES ARE ENCRYPTED!

Your personal ID:

[*************]

Attention! What happened?

Your documents, databases and other important data has been encrypted.

If you want to restore files send an email to: s1an1er111@protonmail.com

In a letter to indicate your personal identifier (see in the beginning of this document).

Attention!

* Do not attempt to remove the program or run the anti-virus tools.

* Attempts to self-decrypting files will result in the loss of your data.

* Decoders are not compatible with other users of your data, because each user's unique encryption key.

Today we’ll see how Amnesia malware can affect your servers and how you can protect them from an attack.


How Amnesia malware affects your Windows servers

Amnesia malware is a ransomware family that targets system files and encrypts them using the AES-256 algorithm in ECB mode. Attackers get in through RDP (Remote Desktop Services), access the victim server and execute the malware.

The Amnesia ransomware loads itself into the system’s memory, then encrypts all the files and renames them immediately. It then generates a ransom note and displays it on the server.

Before starting the encryption, it also collects information about the server: server details, data, approximate geographic location, IP address and the unique decryption key. It affects all critical files and appends the ‘.amnesia’ string to their names.

Once encrypted by the amnesia malware, the files will no longer be readable and may show up as blank icons. It also deletes the server’s recovery points so shadow copies cannot be used to recover the files once encrypted.

Although the malware displays a ransom note offering to return your files, paying the ransom and expecting to get the files back is the last thing you should do.
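A triage scan built from the indicators on this page (the extension list and the first line of the ransom note), added here as an example and not Bobcares' own tooling. Treating `.01`/`.02` as low-confidence hits and the 64 KB size limit for note candidates are assumptions of this example.

```python
import os
import sys
from collections import Counter

# Extensions listed on this page, lower-cased. ".01"/".02" also occur on benign
# files (assumption of this example), so they are only low-confidence hits.
HIGH = (".amnesia", ".[help244@ya.ru].locked", ".cryptoboss",
        ".[byd@india.com].son", ".@decrypt_2017")
LOW = (".01", ".02")
NOTE_BANNER = b"YOUR FILES ARE ENCRYPTED!"  # first line of the quoted ransom note
MAX_NOTE_BYTES = 64 * 1024                  # only small files are read for the banner

def classify(name):
    """Return 'high', 'low' or None for a file name (case-insensitive suffix match)."""
    lowered = name.lower()
    if lowered.endswith(HIGH):
        return "high"
    return "low" if lowered.endswith(LOW) else None

def scan(root):
    """Walk root; return ({directory: Counter of hit levels}, [ransom-note paths])."""
    hits, notes = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            level = classify(name)
            if level:
                hits.setdefault(dirpath, Counter())[level] += 1
                continue
            try:  # banner check assumes an ASCII/UTF-8 note; UTF-16 would be missed
                if os.path.getsize(path) <= MAX_NOTE_BYTES:
                    with open(path, "rb") as fh:
                        if NOTE_BANNER in fh.read():
                            notes.append(path)
            except OSError:
                continue  # locked or unreadable file: skip it and keep scanning
    return hits, notes

def verdict(hits, notes):
    """'infected' on a note or any high-confidence hit, else 'review' or 'clean'."""
    if notes or any(c["high"] for c in hits.values()):
        return "infected"
    return "review" if hits else "clean"

if __name__ == "__main__":
    found, ransom_notes = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for directory, counts in sorted(found.items()):
        print(directory, dict(counts))
    print("ransom notes:", ransom_notes, "verdict:", verdict(found, ransom_notes))
```

Pass the directory to scan as the first argument. A tree that contains this script will list the script itself as a note, because it embeds the banner string.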



Bobcares
Bobcares is a server management company that helps businesses deliver uninterrupted and secure online services. Our engineers manage close to 51,500 servers that include virtualized servers, cloud infrastructure, physical server clusters, and more.