Server Files Encrypted by .888105.dlock Ransomware – Get Help Now

A member of the BleepingComputer community has reached out for urgent help after a ransomware attack locked down their server. The incident, reported yesterday, has left critical business files inaccessible, with the .888105.dlock extension appended to each encrypted document, database, and other essential data.

The affected system runs Windows Server 2019, and the infection appears to have occurred on 28th May 2026. The scale of the damage is substantial, with approximately 3 to 4 terabytes of data now encrypted. Unfortunately, no backups were available to restore from, and no ransom note has been found on the server.

After discovering the attack, the server was immediately isolated from the network to prevent the malware from spreading. Antivirus and endpoint security scans have been run, but so far, no tool or method has been found to decrypt the files.

The user is now seeking specific guidance from the community. They need help identifying the ransomware family behind the .888105.dlock extension, finding out whether a working decryptor exists, and understanding how to safely collect forensic logs that could pinpoint the initial infection vector. They are also asking for advice on how to attempt data recovery without risking further damage.

To assist with analysis, the user is prepared to provide sample encrypted files. Any expert insight or direction from those familiar with this strain would be greatly appreciated.