Hello everybody.
So, my company got infected by the TeslaCrypt virus early in Feb. Since then, I found a machine (running Windows 7) which I think was the beginning of the problem. All files there were encrypted by Tesla. Another problem is that the infection got to a server (running Windows Server 2003) and encrypted something close to 1TB of files with the *.mp3 extension (the newer version of Tesla).
But no problems about the server and the 1TB of encrypted data; the main problem for us here is that SEP doesn't detect the ransomware. It's fully updated and running, but when I do scans, the endpoint doesn't detect anything.
I think the ransomware may not be active, because any new files that I copy there don't get encrypted, but when I log on, some windows appear talking about the infection (that my files were encrypted, and what I should do to restore them all) and I can't remove them from the Windows startup (they copy themselves to the startup folder), and when I uncheck everything from the init in msconfig, they check themselves again, which means the ransomware is still running on Windows.
So my questions about everything I said before are:
Should SEP detect and remove the ransomware?
Since I got infected (early in Feb) I started searching on forums to find a way to decrypt the files (just because they're important to the people who work here - because we don't back up that server, and it's explicit in our policy terms). Is there any way to decrypt them? Any Symantec tool that I can use?
Important point: the infected machine isn't on our network anymore; since I found it, I've isolated it from the others to use as my test machine.