Topic # 230524 27-Feb-2018 23:58
Well we got another ransomware attack.

This one was on the individual PC.

The window is a notepad file called HELP ME PLS.TXT

If you want to restore your files write to

lismark.posnov@aol.com

then there is a really long key

Someone did open a dodgy email. The window is different from last time, so it could be a different ransomware.

Nod32 did not pick it up and we had Malwarebytes and that did not pick it up either.

It hasn't got to the server this time.

Luckily we have got good backups.

Reply # 1965441 28-Feb-2018 00:10
You really need to engage someone experienced and heed their advice. Advice in a forum is only going to get you so far.

Free advice: go and get something like Sophos Intercept X and put it on every computer.

If you can't afford this, consider Webroot, which is super cheap.

You need to start applying best practice to your organization's IT needs, and it's not going to be free.

A good firewall device like a SonicWall TZ 300 with Capture ATP will also do wonders for you.

You need to get your staff trained up so they don't click on every link in emails or open every attachment.
Reply # 1965449 28-Feb-2018 01:46
Thanks, I will try those.
If experience is needed then I will get it.
xpd

Reply # 1965459 28-Feb-2018 07:56
Did that machine have port 3389 open (RDP) by any chance?
XPD / Gavin / DemiseNZ
For Free Games, Geekiness and Reviews, visit: Home Of The Overrated Raccoons
Battlenet: XPD#11535    Origin/Steam/Epic/Uplay: xpdnz
Sea of Thieves Down Under
Reply # 1965479 28-Feb-2018 08:53
Ford: It hasn't got to the server this time.

It may not have activated on the server, but that doesn't mean that it hasn't got to it, or to other machines on your network.

To be honest, until you have a good look you will not be able to tell where it has got to.
Reply # 1965521 28-Feb-2018 09:32
Ford: Thanks, I will try those. If experience is needed then I will get it.

Sorry in advance, and this will likely sound rude, but it's genuinely not intended to: the evidence is present that you already need that experience. Two infections in a few days is pretty concerning. The cost to your business is likely far more than it would have cost to set the system up to prevent it in the first place.

Are you their contracted IT person, or an internal employee tasked with looking after your company's IT?
Reply # 1965919 28-Feb-2018 14:49
RDP is closed off completely.

We never had port 3389 open at any time because we use dedicated ports for each machine.

We do engage an IT person, but again knowledge and time is limited.

Unfortunately I don't have any say in what actually gets purchased. I'm only a staff member myself.

But I'm going to look into some products myself. The ransomware disables Nod32 antivirus and Windows Firewall. I'm thinking about other firewall software or even a hardware firewall.

I don't know how well Malwarebytes Premium actually protects with its ransomware protection, or whether it will stop an attack if someone opens another dodgy email.

All machines, including the server, scan clean with Nod32, Malwarebytes Premium and HitmanPro.
Reply # 1965923 28-Feb-2018 14:56
I'll try out the Webroot free trial for 30 days.
xpd

Reply # 1965944 28-Feb-2018 15:06
Sounds like it might be similar to this: .styver

Can be distributed by hacking through an unprotected RDP configuration, using email spam and malicious attachments, fraudulent downloads, exploits, web injections, fake updates, repackaged and infected installers. List of file extensions that are encrypted: these are MS Office documents, OpenOffice, PDF, text files, databases, photos, music, video, image files, archives, etc.

So the usual...

For anyone who is hit with a ransomware virus, you can give this a shot on the off chance it's an older release - https://www.nomoreransom.org/en/index.html
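As an added example (not anything posted in this thread), the sweep below is the "good look" Wazza recommends, written for a defender: it walks a directory tree such as a mounted file share and counts, per folder, the ransom notes and the renamed (encrypted) files, so you can see how far an infection actually spread rather than assuming it stayed on one PC. The note filename comes from the first post and the .styver extension from the link above; the sample folder layout is constructed here for demonstration.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path

# Indicators taken from this thread: the ransom note filename from the first
# post and the ".styver" extension xpd linked to. Extend as you learn more.
RANSOM_NOTE_NAMES = {"help me pls.txt"}
ENCRYPTED_EXTENSIONS = {".styver"}


def triage_tree(root):
    """Walk a directory tree and return per-directory counts of ransom notes
    and renamed (encrypted) files. Only directories with at least one hit
    appear in the result, so the keys are the folders the malware reached."""
    hits = defaultdict(lambda: {"notes": 0, "encrypted": 0})
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            lower = name.lower()
            if lower in RANSOM_NOTE_NAMES:
                hits[dirpath]["notes"] += 1
            elif Path(lower).suffix in ENCRYPTED_EXTENSIONS:
                hits[dirpath]["encrypted"] += 1
    return dict(hits)


def summarize(hits):
    """Roll the per-directory counts up into totals for a quick status line."""
    return {
        "directories_hit": len(hits),
        "notes": sum(h["notes"] for h in hits.values()),
        "encrypted": sum(h["encrypted"] for h in hits.values()),
    }


def build_sample_tree():
    """Constructed sample data: a fake share with two hit folders and one clean one."""
    root = tempfile.mkdtemp(prefix="triage_demo_")
    layout = {
        "Finance": ["budget.xlsx.styver", "HELP ME PLS.TXT"],
        "HR/old": ["contracts.pdf.styver", "payroll.docx.styver", "HELP ME PLS.TXT"],
        "Public": ["readme.txt", "logo.png"],
    }
    for folder, files in layout.items():
        folder_path = Path(root, folder)
        folder_path.mkdir(parents=True)
        for name in files:
            (folder_path / name).write_bytes(b"constructed sample")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    found = triage_tree(sample_root)
    for directory, counts in sorted(found.items()):
        print(directory, counts)
    print(summarize(found))
```

Point `triage_tree` at the real share root (read-only, from a clean machine) and the folders that come back are the ones to restore from backup.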
Reply # 1965965 28-Feb-2018 15:46
We have had no serious infections on sites with Webroot or Sophos. Sophos was having a promo recently which made it an exceptional value. Unfortunately, it's ended. I still consider it the gold standard in malware/AV/crypto prevention but unless you have a big budget, it probably is a stretch.

I don't love Sophos firewalls; however, Sophos Endpoint, Intercept X and a Sophos firewall make a super attractive solution, with a single management interface.
Reply # 1966456 1-Mar-2018 12:48
networkn: We have had no serious infections on sites with Webroot or Sophos. Sophos was having a promo recently which made it an exceptional value. Unfortunately, it's ended. I still consider it the gold standard in malware/AV/crypto prevention but unless you have a big budget, it probably is a stretch. I don't love Sophos firewalls; however, Sophos Endpoint, Intercept X and a Sophos firewall make a super attractive solution, with a single management interface.

Having a little diversity helps. People that used all the same product (i.e. Sophos) got hammered when WannaCry hit. I'd also add an email filter/antispam solution with sandbox detection.