Ransomware

japster79

Member
Joined
Apr 3, 2010
Messages
29
One of my mates' company has been hit with ransomware, and I understand that the infection can come via various methods. I'm curious: is it in any way possible to trace back how the infection happened? Like, was it via email, USB, someone running an illegal copy of software, etc.? Can a person determine from which desktop the breach happened?
 

rustypup

Senior Member
Joined
Jan 28, 2016
Messages
697
Not a simple task, especially given the SOP of deleting syslogs once the infection is done.

The answer depends on the environment (single/multi-site), perimeter controls, etc.

Do you know which variant is in play here?
 

japster79

Member
Joined
Apr 3, 2010
Messages
29
Not a simple task, especially given the SOP of deleting syslogs once the infection is done.

The answer depends on the environment (single/multi-site), perimeter controls, etc.

Do you know which variant is in play here?
I do not know which it is. I was just told all the files on the system are grayed out and not accessible, with a text note giving instructions for the decryption, payment, etc.
 

rustypup

Senior Member
Joined
Jan 28, 2016
Messages
697
all the files on the system are grayed out
the file extension is unknown

Depending on the variant, it is possible the decryption key is still memory resident, but this is a balanced risk, as leaving infected boxes online also exposes the rest of the environment.

Here's hoping they have proper DR in place.
 

MightyQuin

Honorary Master
Joined
Oct 6, 2010
Messages
16,751
I do not know which it is. I was just told all the files on the system are grayed out and not accessible, with a text note giving instructions for the decryption, payment, etc.
I hope they have proper backups. New crypto version hit over the weekend. NCOV variation I think...
 

Hemps

Honorary Master
Joined
Jan 19, 2009
Messages
10,210
We had ransomware hit a couple of years back. It came in via email as a .pdf but was an .exe, and ESET didn't pick it up either.
All firewalls were up and it spread like COVID-19; it even got into our backup images, which were not shared openly on the network.

How safe is Linux from these ransomware threats?
 

Mystic Twilight

Expert Member
Joined
Dec 23, 2010
Messages
1,992
We had ransomware hit a couple of years back. It came in via email as a .pdf but was an .exe, and ESET didn't pick it up either.
All firewalls were up and it spread like COVID-19; it even got into our backup images, which were not shared openly on the network.

How safe is Linux from these ransomware threats?
Fairly safe if the security has been set up properly on access control and executables on the sudo list. What more typically happens is that an infected Windows PC has write access to a Linux-hosted drive (file server, Samba, etc.) and the encryption happens from the Windows client.
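As an added example (not code from this thread), a small detector for the pattern described above, where the Linux share itself is fine but a Windows client with write access encrypts it: it scans file-server audit lines and flags any client that renames many files to the same unknown extension within a short window. The log lines are constructed, and the pipe-separated layout is an assumption (real Samba vfs_full_audit output depends on its prefix configuration).

```python
import os
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines, assumed layout:
#   <timestamp>|<client_ip>|<user>|<operation>|<path>[|<new_path>]
SAMPLE_LOG = """\
2020-03-16 09:00:01|10.0.0.21|alice|pwrite|/srv/share/reports/q1.xlsx
2020-03-16 09:00:02|10.0.0.21|alice|renameat|/srv/share/reports/q1.xlsx|/srv/share/reports/q1.xlsx.ncov
2020-03-16 09:00:03|10.0.0.21|alice|renameat|/srv/share/reports/q2.xlsx|/srv/share/reports/q2.xlsx.ncov
2020-03-16 09:00:04|10.0.0.21|alice|renameat|/srv/share/hr/staff.docx|/srv/share/hr/staff.docx.ncov
2020-03-16 09:00:05|10.0.0.21|alice|renameat|/srv/share/hr/policy.pdf|/srv/share/hr/policy.pdf.ncov
2020-03-16 09:00:06|10.0.0.21|alice|renameat|/srv/share/notes.txt|/srv/share/notes.txt.ncov
2020-03-16 09:00:07|10.0.0.21|alice|renameat|/srv/share/budget.xlsx|/srv/share/budget.xlsx.ncov
2020-03-16 09:00:08|10.0.0.30|bob|renameat|/srv/share/draft.docx|/srv/share/draft.docx.bak
2020-03-16 09:00:09|10.0.0.30|bob|renameat|/srv/share/old.txt|/srv/share/old.old
"""

# Extensions that are normal for this share; anything else counts as "unknown".
KNOWN_EXTENSIONS = {".xlsx", ".docx", ".pdf", ".txt", ".bak", ".tmp"}


def parse_line(line):
    """Split one audit line into (timestamp, client, operation, paths)."""
    parts = line.split("|")
    ts = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
    return ts, parts[1], parts[3], parts[4:]


def suspicious_clients(log_text, window_seconds=60, threshold=5):
    """Return {client_ip: extension} for clients that renamed at least
    `threshold` files to the same unknown extension within `window_seconds`."""
    events = defaultdict(list)  # (client, new_ext) -> sorted timestamps
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, op, paths = parse_line(line)
        if op != "renameat" or len(paths) < 2:
            continue
        new_ext = os.path.splitext(paths[1])[1].lower()
        if new_ext in KNOWN_EXTENSIONS:
            continue
        events[(client, new_ext)].append(ts)
    hits = {}
    for (client, ext), stamps in events.items():
        stamps.sort()
        start = 0  # sliding window over the timestamps
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > timedelta(seconds=window_seconds):
                start += 1
            if end - start + 1 >= threshold:
                hits[client] = ext
                break
    return hits
```

In the constructed log, 10.0.0.21 trips the rule with six renames to `.ncov` in six seconds, while 10.0.0.30's single rename to `.old` stays below the threshold; on a real share the flagged client address is where the cleanup starts, not the Linux host.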
 

Hemps

Honorary Master
Joined
Jan 19, 2009
Messages
10,210
FreeNAS has snapshots, which look interesting.

Need ideas for an offsite backup of our data, stored on a desktop PC at my house.
Work has 20/20Mb fibre; I have 20/5Mb VDSL.
Something like a Debian base, Proxmox 6 running VMs of FreeNAS storing data, ZFS snapshots, and Server 2019 for Active Directory system state restore if needed.
 

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
22,335
If you can identify the type of ransomware used, you can look for the decryption tool for it.

 

rog163

Well-Known Member
Joined
Jun 25, 2015
Messages
186
Did he have RDP enabled to his server from the net?
 