A school district in the United States found that its servers were infected with a cryptovirus. The virus encrypted and inserted the word “decrypt” into the filenames of all affected files. The party responsible for the cryptovirus demanded that the school district pay a ransom in order to get the needed cryptographic key to decrypt the affected files.
After locating and removing the cryptovirus, the school district decided to not pay the ransom and to replace all of the corrupted files with their uncorrupted backup files. The problem was, locating all of the corrupted files scattered across their enterprise and then removing them.
Fortunately, the school district was a Condrey Corporation Galileo customer and the IT people knew that the affected files could probably be located using a Galileo Custom Query report. Because time was of the essence, the school district contacted a Condrey Corporation Support representative who assisted the school district with a Custom Query designed to locate all files that had “decrypt” in the name.
After Generating the Custom Query report, the school district had the locations of all affected files. Deleted the affected files and replaced them with their uncorrupted versions from their backup system.