At 8.10 a.m during a hot July morning, while I was going to the office, I receive an image on whatsapp. It was a client. A really strange thing! I was in late and I cannot see well the image and after 5 seconds a message: “Alberto, what is this?”. Curious and a worried I stopped and I saw the image: the client had made a photo of the PC screen and I read “WARNING we have encrypted your files with Crypt0L0cker virus”.
It wasn’t the “goodmorning” I was waiting!
I immediately call the client to explain what it was happened (encrypted files quite impossible to decrypt) that obviously very worried asks me what we can do because also the invoice system was impossible to open. The virus had struck a part of the archive and the most part of the file systems. A disaster!
The first thing I have suggested to do is remove the network cable from the PC in order to avoid others damage caused by the virus.
Verified the extend of damage and settled Windows, thanks to the good antivirus Virit and the good technical support that has given me the list of the files damaged, I have reassured the client that all the files damaged were recovered from the backup!
The client fortunately had adopted a remote backup solution so it was sufficient to synchronize all the files from our Linux systems to the client server: recovered all, also all the files of the database.
I think that the client had the possibility to test and appreciate the backup system adopted.