I got hit with ransomware and, long story short, I can't go back to my backup for this folder (I apparently didn't have it retaining data long enough; trust me, I have learned a lot here...). On my Certificate Authority (a fairly basic PKI for DirectAccess) there is a share called CertEnroll that has a few files:
- CA1.domain_CA1-CA.crt
- domain-CA1-CA.crl
- domain-CA1-CA+.crl (only file that didn't get encrypted)
- domain-CA1-CA+.crl
- nserv_msi-CA1-CA.asp
All of the files except the one noted got encrypted by this ransomware... Is there anything I can do to get things fixed up here without completely redoing my CA?
Basically, one of my privileged users got hacked and this ransomware was run at an elevated level, allowing it to really wreak havoc on my network. I have recovered almost everything except this and my AD GPO policies, as it hit that share too, but we didn't realize it until it was too late to pull a backup.
Trust me, I realize my stupidity and how big this mistake is, but any help on this subject would be much appreciated.
The rest of the server is safe and is running Server 2012 R2. The ransomware just hit any share it could find, and did so quickly.
Thanks a lot!
-Jerry
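What a practitioner would check and rebuild first, as an added example that is not part of Jerry's post or of any reply on this page: nothing in CertEnroll is secret or irreplaceable, since the .crt is the CA's public certificate and the .crl files are signed revocation lists the CA can re-issue from its database, so the share can be repopulated as long as the CA service, its database and its private key survived (the post says the rest of the server is safe). The script assumes an elevated PowerShell session on the CA itself, the default CertEnroll path under System32\CertSrv, the default CACertPublicationURLs file-name template (%1_%3%4.crt, i.e. ServerDNSName_CAName.crt, which matches the CA1.domain_CA1-CA.crt name in the post), and that the encrypted files kept their original names; the quarantine folder name and the FQDN lookup are choices made here, not anything the post describes. The GPO/SYSVOL loss is a separate recovery and is not covered.

```powershell
# Added example, not from the original post. Rebuilds the CertEnroll share from the
# CA's own store and database. Assumes an elevated session on the CA (Server 2012 R2)
# and the default share path; adjust $CertEnroll if the share lives elsewhere.
$ErrorActionPreference = 'Stop'
$CertEnroll = Join-Path $env:SystemRoot 'System32\CertSrv\CertEnroll'

# 1. Confirm the CA's private key (stored outside the share) still matches its
#    certificate before republishing anything. Non-zero means stop and restore the CA.
certutil -verifykeys | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "CA key pair failed verification (exit $LASTEXITCODE); restore the CA before republishing."
}

# 2. Find files that no longer parse. certutil -dump exits non-zero for input that is
#    not valid ASN.1, which is what an encrypted .crt or .crl looks like. Files the
#    ransomware renamed with an extra extension will not match this filter; list them by hand.
$damaged = foreach ($f in Get-ChildItem -Path $CertEnroll -File | Where-Object Extension -in '.crt', '.crl') {
    certutil -dump $f.FullName | Out-Null
    if ($LASTEXITCODE -ne 0) { $f }
}
foreach ($f in $damaged) { Write-Warning "Unparseable (probably encrypted): $($f.Name)" }

# 3. Move the damaged copies aside rather than deleting them: incident response will
#    want the encrypted samples to identify the ransomware family.
if ($damaged) {
    $quarantine = Join-Path $CertEnroll ('quarantine-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))   # name chosen here
    New-Item -ItemType Directory -Path $quarantine | Out-Null
    $damaged | Move-Item -Destination $quarantine
}

# 4. Re-export the CA certificate under the default publication name
#    (ServerDNSName_CAName.crt; renewed CA certs get an index suffix, not handled here).
$caName  = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration').Active
$fqdn    = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName   # assumes DNS returns the FQDN
$certOut = Join-Path $CertEnroll ('{0}_{1}.crt' -f $fqdn, $caName)
certutil -ca.cert $certOut | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certutil -ca.cert failed (exit $LASTEXITCODE)" }

# 5. Publish fresh base and delta CRLs. The CA signs them from its database and writes
#    them to every location in CRLPublicationURLs, which includes this share (and, for
#    an enterprise CA, the AD CDP container). Print the list so you can see where they go.
certutil -getreg CA\CRLPublicationURLs
certutil -crl
if ($LASTEXITCODE -ne 0) {
    throw "CRL publication failed (exit $LASTEXITCODE); check the Application log for CertificationAuthority events."
}

# 6. Prove the result: every .crt/.crl left in the share must now parse.
Get-ChildItem -Path $CertEnroll -File | Where-Object Extension -in '.crt', '.crl' | ForEach-Object {
    certutil -dump $_.FullName | Out-Null
    '{0,-40} {1}' -f $_.Name, $(if ($LASTEXITCODE -eq 0) { 'OK' } else { 'STILL BROKEN' })
}
```

Two caveats worth keeping in mind. `certutil -crl` replaces the surviving delta CRL as well, which is fine: clients only need a current, correctly signed base and delta pair, not the old files. And `-verifykeys` only shows that the key pair on the CA still matches its certificate; it says nothing about whether ransomware running as a privileged user also read or exported that key. Whether to treat the CA key as compromised and rekey is a separate decision from repopulating the share.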