Recently my Windows Server 2008 R2 server (with updates in day) was attacked by a Ransomware. Detail, the RDP port was opened for external access, I believe that this was used to the attack.
In addition to having damaged Windows, because it does not start any more, giving logon screen error (initialization failure of the interactive logon process ....), it encrypted my files.
The files was crypt and renamed to:
After a long searching and tips from friends, I was able to identify which Ransomware it was, through https://id-ransomware.malwarehunterteam.com.
According to the site, it is Ransomware Dharma (.cezar Family), but what I think strange is the extension of the files are finished with .bip and not .cezar.
Well, I've tried everything to decrypt the files and no success, I sent sample files to Dr. Web and they informed me that they can´t decrypt.
So I come to ask for help for you, if anyone knows how to decrypt this type of Ransomware please help me.