We have a client that recently got hit by a RansomWare virus that spread to 2 machines on their network. They use McAfee Antivirus along with MalwareBytes the free version. Looks like the virus infected the host machine which had a share which other devices accessed. McAfee and/or Malwarebytes may have detected the virus and removed it but it had already done damage by encrypting hundreds of files. The vendor (Refunds Today) recommended that we wipe the drive and start from scratch, which is what we did.

I'm concerned because though we wiped the drive and restored the files (after scanning them with McAfee AntiVirus a second time) the vendor has said that in their experience, restoring the files will cause the virus to come back after a few weeks. Is RansomWare not detectable via a virus scan, or perhaps we need to switch to another antivirus solution? Wiping a drive is one thing, but destroying all of a customer's files because you're not sure where the virus is hiding is another. Just looking for some advice.

I have seen ransomware leave copies of virus executables in the file share. If you audit the file share and remove any executables and corrupted files then you will be fine. I created an open source program to audit file shares and detect ransomware in file shares https://ransomwaredetectionservice.codeplex.com/ . Review any files created after the ransomware infection as well. Any executable files or Office files with macros created after the infection should be deleted.
Answered 04/12/2016 by: pcooper
Senior White Belt
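
The file-share audit described in the answer above, as an added example (not part of the original post and not the code of the linked program). The names `classify`, `audit_share` and `demo` are hypothetical, modification time stands in for "created after the infection" as an assumption, and the sample share and timestamp are constructed.

```python
import io, os, pathlib, tempfile, zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container

def classify(path):
    """Classify by content, not extension, so renamed files are still caught."""
    with open(path, "rb") as f:
        head = f.read(8)
    if head[:2] == b"MZ":                      # Windows PE/DOS executable
        return "executable"
    if head == OLE_MAGIC:                      # macros cannot be ruled out here
        return "legacy-office-review"
    if head[:2] == b"PK" and zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as z:       # OOXML keeps VBA in vbaProject.bin
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                return "office-macro"
    return None

def audit_share(root, infected_at):
    """Return sorted (relative path, kind) for files with mtime >= infected_at."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getmtime(path) < infected_at:
                    continue                   # predates the infection
                kind = classify(path)
            except (OSError, zipfile.BadZipFile):
                continue                       # unreadable: review by hand
            if kind:
                findings.append((os.path.relpath(path, root), kind))
    return sorted(findings)

def demo():
    """Constructed share: one file predating the infection, three written after."""
    infected_at = 1_460_000_000                # constructed epoch timestamp
    with tempfile.TemporaryDirectory() as root:
        def put(name, data, mtime):
            p = pathlib.Path(root, name)
            p.write_bytes(data)
            os.utime(p, (mtime, mtime))
        put("setup_old.exe", b"MZ" + b"\0" * 62, infected_at - 86400)
        put("invoice.pdf.scr", b"MZ" + b"\0" * 62, infected_at + 60)
        put("notes.txt", b"plain text", infected_at + 60)
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr("word/vbaProject.bin", b"constructed")
        put("report.docx", buf.getvalue(), infected_at + 120)
        return audit_share(root, infected_at)
```

File timestamps can be changed by whatever wrote the file, so a clean result from the time filter is not proof that older files are safe; passing `infected_at=0` audits the whole share.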

Geez that's a bit of a hard one.

My approach would be to read about the RansomWare that you got attacked with, read up about the attack vectors and see if you can mitigate them. This would at least mitigate the issue if the same ransomware is hiding in another file, also removing all exe etc blah blah.

Yeah, that's a complex one. Good luck!
Answered 09/17/2015 by: rileyz
Red Belt

Being a user, I have seen this type of virus persist in the backup, and as soon as you restore the backup in your system... the virus pops up again.
To get the best from your data.... or to recover your files you may check out this article:
Answered 06/08/2017 by: virat8586
Green Belt
