Looks like it hits anyone without a patched Exchange..... so your IT team should be getting slapped :D

If they're restoring, then thats pretty much only thing that can be done.

Restore, don't pay the ransom, and PATCH PATCH PATCH.

Also good time to ensure your AV definitions are updating on workstations, and remind people not to open dodgy emails.

xpd:

Looks like it hits anyone without a patched Exchange..... so your IT team should be getting slapped :D

If they're restoring, then thats pretty much only thing that can be done.

Restore, don't pay the ransom, and PATCH PATCH PATCH.

Also good time to ensure your AV definitions are updating on workstations, and remind people not to open dodgy emails.

 

Snip................Out of interest as someone is not an IT admin, how do you keep to date with Exchange updates? Do you have to manually check all the time and roll out updates or does Microsoft send you messages or emails about urgent updates?

One of the most outrageous Exchange hacks was anounced a week or two ago and it was plastered all over the press and IT media outlets, how could you miss that, it beggars belief, sorry not trying to sound narky but honestly its like saying you were not aware we are currently in a pandemic.

If your organisation continues to operate on prem Exchange servers and is so un aware then find a new IT provider or staff.

Edit: purhaps its a good time to contemplate moving to Google Workspace or o365

Cyril

The latest cases of Exchange being attacked have been heavily publicised around the world with hundreds of thousands of servers being compromised - estimates of 30,000 in the USA alone.

If you run your own Exchange server (or any server) on-premises your team have to be responsible for keeping up. No excuses. 

Hate to be that IT team.....    but seriously, if your IT team were not aware of the major issue thats been going on, they need a serious review. 

As @networkn mentioned, I'd be getting in a 3rd party to audit your servers etc . If internal support missed a major Exchange patch, what else has been left to its own devices.

This is assuming you're in a company with a dedicated team - if its down to one guy "who built a PC in the 80's", then its time to look at outsourcing your server/maintenance.

networkn:

 

You also need to understand, it's more than a little likely, your data has been exfiltrated and they may use that to further blackmail you, or to target your customers suppliers and contacts. 

 

TELL YOUR CUSTOMERS AND CLIENTS THAT YOU HAVE BEEN PWNED.... 

as mentioned above otherwise they are at risk as likely targets using data obtained from your breech ....

Hi, is this still the same IT guy?

https://www.geekzone.co.nz/forums.asp?forumId=86&topicId=198890

Cyril

I would strongly consider moving to Office 365. Consider the problems you've had (including right now where you've been pwned) and just make the jump. Not only would it improve email delivery to potential customers, it'll also prevent things like this happening.

Also get a new competent IT company looking after your on-premises stuff. Don't go for cheap, go for reviews if possible. I'm also sure there are plenty of people here who fit that bill.

cyril7:

Hi, is this still the same IT guy?

https://www.geekzone.co.nz/forums.asp?forumId=86&topicId=198890

Cyril

Hatch:

We’ve been told that the likely culprit for our security breach is someone opened a ransomware file.......

The culprit is the ransomware "publisher".

I hope your organisation isn't actually labeling a staff member as "the culprit" of the security breach. A culprit commits an illegal or evil deed. That is not a term that should be used for an inadvertant mistake even if it is negligent or doesn't follow the prescribed procedures.

https://www.speartip.com/resources/black-kingdom-ransomware-exploiting-exchange-vulnerabilities/

Black Kingdom (also known as DEMON or DemonWare) is the latest malware seen within networks leveraging the Microsoft Exchange vulnerabilities as an initial entry point to push ransomware. The vulnerabilities continue to be heavily exploited with the large uptick in ransomware cases related to these vulnerabilities beginning around March 2^nd when public alerting began along with proof of concept exploits being released.

Your "IT guy" is just trying to cover his butt. 

Get a real IT tech/company on board going forward.

cyril7: If your organisation continues to operate on prem Exchange servers and is so un aware then find a new IT provider or staff.

michaelmurfy:

 

I would strongly consider moving to Office 365. Consider the problems you've had (including right now where you've been pwned) and just make the jump. Not only would it improve email delivery to potential customers, it'll also prevent things like this happening.

 

Also get a new competent IT company looking after your on-premises stuff. Don't go for cheap, go for reviews if possible. I'm also sure there are plenty of people here who fit that bill.

 

Yeah I would also ditch the old guy and get Office 365, Where are you based? @Hatch 

If you in hamilton we have a small team that love to do office migrations and fix things!