Author Topic: Ransomware bypassed AVAST Endpoint Protection Suite  (Read 3038 times)

REDACTED

  • Guest
Ransomware bypassed AVAST Endpoint Protection Suite
« on: July 10, 2017, 04:31:28 AM »
I had a ransomware virus attack on a server 2 weekends ago. Somehow the server was missing AVAST. I installed the latest version, downloaded updated files and did a boot time scan. AVAST found all sorts of funky files and a few executables were quarantined with a file name that included "payco6aka". I got rid of the ransomware HTML files it left in all subdirectories. I then restored database and other files that were corrupted. The server worked fine for just over 2 weeks.
Saturday I got a call about strange happenings. It was another virus. This time it changed files to a different file type, naming them "3ncrypt3d". One workstation was affected this time.
EBU.exe Threat: Win32Malware.gen was moved to the chest.
Then there were 2 zip files that were said to be decompression bomb with (42110)

Can one tell which ransomware attack occurred by the file renaming convention?
How did such get past AVAST and how can I make sure this never happens again?

REDACTED

  • Guest
Re: Ransomware bypassed AVAST Endpoint Protection Suite
« Reply #1 on: July 20, 2017, 03:39:59 PM »
Don't worry, they sent out an email like a month ago saying Avast keeps us protected against ransomware.  ;D