Geekzone: technology news, blogs, forums


333 posts

Ultimate Geek
+1 received by user: 6


Topic # 230524 27-Feb-2018 23:58

Well, we got another ransomware attack.

This one was on the individual PC.

The window is a notepad file called HELP ME PLS.TXT

If you want to restore your files write to

lismark.posnov@aol.com

then there is a really long key

Someone did open a dodgy email. The window is different from last time, so it could be a different ransomware.

Nod32 did not pick it up and we had Malwarebytes and that did not pick it up either.

It hasn't got to the server this time.

Luckily we have got good backups.

17939 posts

Uber Geek
+1 received by user: 5169

Trusted
Lifetime subscriber

  Reply # 1965441 28-Feb-2018 00:10
10 people support this post

You really need to engage someone experienced and heed their advice. Advice in a forum is only going to get you so far.

Free advice: go and get something like Sophos Intercept X and put it on every computer.

If you can't afford this, consider Webroot, which is super cheap.

You need to start applying best practice to your organization's IT needs and it's not going to be free.

A good firewall device like a SonicWall TZ 300 and Capture ATP will also do wonders for you.

You need to get your staff trained up so they don't click on every link in emails or open every attachment.



333 posts

Ultimate Geek
+1 received by user: 6


  Reply # 1965449 28-Feb-2018 01:46

Thanks I will try those
If experience is needed then I will get it.

xpd

Chief Trash Bandit
8908 posts

Uber Geek
+1 received by user: 1318

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 1965459 28-Feb-2018 07:56

Did that machine have port 3389 open (RDP) by any chance?

XPD / Gavin / DemiseNZ

For Free Games, Geekiness and Reviews, visit:

Home Of The Overrated Raccoons

Battlenet : XPD#11535    Origin/Steam/Epic/Uplay : xpdnz


3303 posts

Uber Geek
+1 received by user: 884


  Reply # 1965479 28-Feb-2018 08:53
3 people support this post

Ford:

It hasn't got to the server this time.

It may not have activated on the server, but that doesn't mean that it hasn't got to it, or to other machines on your network.

To be honest, until you have a good look you will not be able to tell where it has got to....


17939 posts

Uber Geek
+1 received by user: 5169

Trusted
Lifetime subscriber

  Reply # 1965521 28-Feb-2018 09:32
4 people support this post

Ford: Thanks I will try those
If experience is needed then I will get it.

Sorry in advance, and this will likely sound rude, but it's genuinely not intended to: the evidence is present that you already need that experience. Two infections in a few days is pretty concerning. The cost to your business is likely far more than it would have cost to set the system up to prevent it in the first place.

Are you their contracted IT person, or an internal employee tasked with looking after your company's IT?




333 posts

Ultimate Geek
+1 received by user: 6


  Reply # 1965919 28-Feb-2018 14:49

RDP is closed off completely.

We never had port 3389 open at any time because we use dedicated ports for each machine.

We do engage an IT person, but again knowledge and time is limited.

Unfortunately I don't have any say in what actually gets purchased. I'm only a staff member myself.

But I'm going to look into some products myself. The ransomware disables Nod32 antivirus and Windows Firewall. I'm thinking about other firewall software or even a hardware firewall.

I don't know how good Malwarebytes Premium actually is at protecting against ransomware, or if it will stop an attack if someone opens another dodgy email.

All machines including the server scan clean with Nod32, Malwarebytes Premium and HitmanPro.
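The two posts above turn on whether RDP was reachable from outside, and the answer ("we use dedicated ports for each machine") is the point a defender should check: a forward from a non-standard external port still lands on the RDP service, so the exposure is decided by the internal destination port, not the external one. The script below is an added example for this thread, not anything from the posters or a vendor: it parses a constructed, generic port-forward table (the "ext_port -> host:int_port" layout and the addresses are assumptions, not any router's real export) and flags every rule that ends on port 3389 regardless of the external port used.

```python
"""Flag port-forward rules that expose RDP (port 3389) on an internal host,
whatever external port the rule uses.

Added example for this thread (not the poster's setup or any vendor's syntax):
the rule table below is a constructed, generic "ext_port -> host:int_port"
listing, and the addresses in it are documentation/private ranges.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

RDP_PORT = 3389

# Constructed sample export of a port-forward table (hypothetical format).
SAMPLE_RULES = """\
# proto  src           ext_port  ->  internal
tcp      any           3389      ->  192.168.1.10:3389
tcp      any           33891     ->  192.168.1.11:3389
tcp      203.0.113.5   33892     ->  192.168.1.12:3389
udp      any           33891     ->  192.168.1.11:3389
tcp      any           443       ->  192.168.1.20:443
"""

RULE_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+(?P<src>\S+)\s+(?P<ext>\d+)\s+->\s+"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<int>\d+)$"
)


@dataclass(frozen=True)
class Rule:
    proto: str
    src: str        # "any" or a source address/prefix
    ext_port: int   # port reachable from outside
    host: str       # internal target
    int_port: int   # port the traffic actually lands on


def parse_rules(text: str) -> List[Rule]:
    """Parse the constructed table; comments and blank lines are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed rule: {line!r}")
        rules.append(Rule(m["proto"], m["src"], int(m["ext"]), m["host"], int(m["int"])))
    return rules


def rdp_exposures(rules: List[Rule]) -> List[Tuple[Rule, str, str]]:
    """Return (rule, severity, reason) for every rule whose *internal* port is RDP.

    The external port is deliberately ignored: 33891 -> :3389 is still RDP.
    """
    findings = []
    for r in rules:
        if r.int_port != RDP_PORT:
            continue
        severity = "high" if r.src == "any" else "medium"
        reason = f"{r.proto.upper()} RDP on {r.host} reachable from {r.src}"
        if r.ext_port != RDP_PORT:
            reason += f" via non-standard external port {r.ext_port}"
        findings.append((r, severity, reason))
    return findings


def summarize(rules: List[Rule]) -> Dict[str, int]:
    """Counts a defender can put in a ticket: total RDP exposures, how many
    sit on a non-standard external port, and how many are open to any source."""
    found = rdp_exposures(rules)
    return {
        "rdp_exposed": len(found),
        "hidden_behind_other_port": sum(1 for r, _, _ in found if r.ext_port != RDP_PORT),
        "open_to_any": sum(1 for _, sev, _ in found if sev == "high"),
    }


if __name__ == "__main__":
    for _, sev, why in rdp_exposures(parse_rules(SAMPLE_RULES)):
        print(f"[{sev}] {why}")
    print(summarize(parse_rules(SAMPLE_RULES)))
```

On the constructed table the check reports four RDP exposures, three of them behind a port other than 3389, which is exactly the case the "dedicated ports" answer would have described as closed. Source restrictions lower the severity but do not remove the finding; the fix a defender wants is no inbound forward to 3389 at all, with remote access going through a VPN or gateway instead.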

 

 

 

 

 

 

 

 




333 posts

Ultimate Geek
+1 received by user: 6


  Reply # 1965923 28-Feb-2018 14:56

I'll try out the Webroot free for 30 days

 

 


xpd

Chief Trash Bandit
8908 posts

Uber Geek
+1 received by user: 1318

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 1965944 28-Feb-2018 15:06

Sounds like it might be similar to this..... .styver

Can be distributed by hacking through an unprotected RDP configuration, using email spam and malicious attachments, fraudulent downloads, exploits, web injections, fake updates, repackaged and infected installers. List of file extensions that are encrypted: These are MS Office documents, OpenOffice, PDF, text files, databases, photos, music, video, image files, archives, etc.

So the usual......

For anyone who is hit with a ransomware virus, can give this a shot on the off chance it's an older release - https://www.nomoreransom.org/en/index.html

XPD / Gavin / DemiseNZ

For Free Games, Geekiness and Reviews, visit:

Home Of The Overrated Raccoons

Battlenet : XPD#11535    Origin/Steam/Epic/Uplay : xpdnz
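The post above describes the on-disk footprint this family leaves (a dropped note file and user documents renamed with a new extension), and the original post gives the note name. Both are cheap to look for on a file server before the next scan runs, which matters here because the thread reports that installed AV did not catch the infection. The script below is an added example, not code from any poster or product: it walks a directory tree and reports (1) an identical small .txt file dropped into many folders and (2) a foreign extension appended to many documents. The tree it scans is constructed in a temp directory; the "HELP ME PLS.TXT" name and ".styver" suffix are sample data taken from this thread, and the thresholds are assumptions to tune for a real share.

```python
"""Walk a directory tree and report two cheap, offline ransomware indicators:
  1. an identical small text file (a ransom note) dropped into many directories;
  2. a foreign extension appended to many documents (report.docx -> report.docx.styver).

Added example for this thread, not code from any poster or product. The tree
it scans is constructed in a temp directory; the note name and the ".styver"
suffix are sample data from the posts above; nothing is read from a real share.
"""
import hashlib
import os
import tempfile
from collections import Counter, defaultdict
from pathlib import Path
from typing import Dict

NOTE_THRESHOLD = 3          # same note in at least this many directories (assumed tuning)
EXT_THRESHOLD = 5           # same appended extension on at least this many files (assumed)
NOTE_MAX_BYTES = 64 * 1024  # ransom notes are small; skip hashing big files
DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt", ".odt", ".jpg", ".png", ".zip"}


def scan_tree(root: str) -> Dict[str, object]:
    notes = defaultdict(set)    # (name, sha256) -> directories it appears in
    appended = Counter()        # foreign trailing extension -> file count
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            suffixes = [s.lower() for s in path.suffixes]
            # Indicator 2: a known document extension followed by one we don't recognise.
            if len(suffixes) >= 2 and suffixes[-2] in DOC_EXTS and suffixes[-1] not in DOC_EXTS:
                appended[suffixes[-1]] += 1
            # Indicator 1: small .txt files keyed by name AND content hash, so a
            # legitimate readme that differs per folder is not counted as a note.
            if suffixes and suffixes[-1] == ".txt" and path.stat().st_size <= NOTE_MAX_BYTES:
                digest = hashlib.sha256(path.read_bytes()).hexdigest()
                notes[(name, digest)].add(dirpath)
    ransom_notes = sorted(n for (n, _), dirs in notes.items() if len(dirs) >= NOTE_THRESHOLD)
    bad_exts = sorted(e for e, c in appended.items() if c >= EXT_THRESHOLD)
    return {
        "ransom_notes": ransom_notes,
        "appended_extensions": bad_exts,
        "suspect_files": sum(appended[e] for e in bad_exts),
    }


def build_sample_tree() -> str:
    """Construct a throwaway tree resembling a partly encrypted file share."""
    root = tempfile.mkdtemp(prefix="rw-demo-")
    for i in range(4):
        d = Path(root, f"dept{i}")
        d.mkdir()
        # identical note in every folder (wording modelled on the one in the thread)
        (d / "HELP ME PLS.TXT").write_text("If you want to restore your files write to <placeholder>\n")
        # a per-folder readme that legitimately differs; must not be flagged
        (d / "readme.txt").write_text(f"shared folder for dept{i}\n")
        for j in range(2):
            (d / f"report{j}.docx.styver").write_bytes(b"\x00" * 32)
    (Path(root, "dept0") / "untouched.pdf").write_bytes(b"%PDF-1.4\n")
    return root


if __name__ == "__main__":
    print(scan_tree(build_sample_tree()))
```

Pointed at a real share, this is a triage aid rather than a detector: it tells you which folders the encryption reached (answering the "where has it got to" question raised earlier in the thread) and which extension to search for on nomoreransom.org, but it cannot tell you what else the malware did, so it complements, not replaces, a proper look at the network.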


17939 posts

Uber Geek
+1 received by user: 5169

Trusted
Lifetime subscriber

  Reply # 1965965 28-Feb-2018 15:46

We have had no serious infections on sites with Webroot or Sophos. Sophos was having a promo recently which made it an exceptional value. Unfortunately, it's ended. I still consider it the gold standard in Malware/AV/Crypto prevention but unless you have a big budget, it probably is a stretch.

 

I don't love Sophos Firewalls, however, Sophos Endpoint, Intercept X and a Sophos firewall make a super attractive solution, with a single management interface. 

 

 

 

 


309 posts

Ultimate Geek
+1 received by user: 69


  Reply # 1966456 1-Mar-2018 12:48
One person supports this post

networkn:

We have had no serious infections on sites with Webroot or Sophos. Sophos was having a promo recently which made it an exceptional value. Unfortunately, it's ended. I still consider it the gold standard in Malware/AV/Crypto prevention but unless you have a big budget, it probably is a stretch.

I don't love Sophos Firewalls, however, Sophos Endpoint, Intercept X and a Sophos firewall make a super attractive solution, with a single management interface.

Having a little diversity helps. People that used all the same product (i.e. Sophos) got hammered when WannaCry hit. I'd also add an email filter/antispam solution with sandbox detection.

