Ransomware

japster79

One of my mate's companies has been hit with ransomware, and I understand that the mode of infection can come from various methods. I'm curious: is it in any way possible to trace back how the infection happened? Like, was it via email, USB, someone running some illegal copy of software, etc.? Can a person determine from which desktop the breach happened?
 
Not a simple task, especially given the SOP of deleting syslogs once infection is done.

Answer depends on the environment (single/multi site), perimeter controls, etc.

Do you know which variant is in play here?
 
I do not know which it is; I was just told all the files on the system are grayed out and not accessible, with a text note giving instructions for the decryption, payment, etc.
 
all the files on the system are grayed out
the file extension is unknown

Depending on the variant, it is possible the decryption key is still memory resident, but this is a balanced risk, as leaving infected boxes online also exposes the rest of the environment.

Here's hoping they have proper DR in place
 
I hope they have proper backups. New crypto version hit over the weekend. NCOV variation I think...
 
We had ransomware hit a couple of years back. It came in via email as a .pdf but was a .exe; Eset didn't pick it up either.
All firewalls were up and it spread like COVID-19, even got into our backup images, which were not shared openly on the network.

How safe is Linux from these ransomware threats?
 

Fairly safe if the security has been set up properly on access control and executables on the sudo list. What more typically happens is that an infected Windows PC has write access to a Linux-hosted drive (file server, Samba, etc.) and the encryption happens from the Windows client.
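The scenario just described (a Windows client encrypting a Samba share) is also the one where the original question, which desktop did it come from, can actually be answered, provided the share's audit log was shipped off the box before it was wiped. The following is an added example, not code from the thread: it parses constructed vfs_full_audit-style records in an assumed field layout and attributes the mass rename and ransom-note drop to one client.

```python
"""Added example (not from the thread): find which client encrypted a
Samba-hosted share, from vfs_full_audit-style records. Assumed layout:
user|client_ip|machine|share|operation|status|path[|new_path]"""
import re
from collections import defaultdict
# Constructed sample: PC-BOB mass-renames files to a new extension and
# drops a ransom note; PC-ALICE does one ordinary rename.
SAMPLE_LOG = """\
bob|10.0.0.22|PC-BOB|finance|renameat|ok|/srv/finance/budget.xlsx|/srv/finance/budget.xlsx.locked
bob|10.0.0.22|PC-BOB|finance|renameat|ok|/srv/finance/q1.xlsx|/srv/finance/q1.xlsx.locked
bob|10.0.0.22|PC-BOB|finance|create_file|ok|/srv/finance/HOW_TO_DECRYPT.txt
bob|10.0.0.22|PC-BOB|finance|renameat|ok|/srv/finance/notes.docx|/srv/finance/notes.docx.locked
alice|10.0.0.15|PC-ALICE|finance|renameat|ok|/srv/finance/draft.docx|/srv/finance/draft_v2.docx
"""
# Extensions normally present on this share (assumed); a rename to any
# other extension is counted as suspicious.
KNOWN_EXT = {".xlsx", ".docx", ".pdf", ".txt"}
NOTE_RE = re.compile(r"decrypt|recover|how_to", re.IGNORECASE)

def parse(line):
    f = line.split("|")
    if len(f) < 7:
        return None
    return {"user": f[0], "ip": f[1], "machine": f[2], "op": f[4],
            "status": f[5], "path": f[6], "new": f[7] if len(f) > 7 else None}

def ext_of(path):
    m = re.search(r"(\.[^./]+)$", path)
    return m.group(1).lower() if m else ""

def attribute(log_text, rename_threshold=3):
    """Clients with >= rename_threshold renames to an unknown extension, or a note created."""
    stats = defaultdict(lambda: {"renames": 0, "notes": []})
    for line in log_text.splitlines():
        r = parse(line)
        if not r or r["status"] != "ok":
            continue
        key = (r["user"], r["ip"], r["machine"])
        if r["op"] == "renameat" and r["new"] and ext_of(r["new"]) not in KNOWN_EXT:
            stats[key]["renames"] += 1
        elif r["op"] == "create_file" and NOTE_RE.search(r["path"].rsplit("/", 1)[-1]):
            stats[key]["notes"].append(r["path"])
    suspects = [{"user": u, "ip": ip, "machine": m, **s}
                for (u, ip, m), s in stats.items()
                if s["renames"] >= rename_threshold or s["notes"]]
    return sorted(suspects, key=lambda s: -s["renames"])

if __name__ == "__main__":
    for s in attribute(SAMPLE_LOG):
        print(s["machine"], s["user"], s["ip"], s["renames"], s["notes"])
```

The same logic applies to Windows file-server audit events (object access with the client address), which is why forwarding those logs to a separate host matters more than any single AV product.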
 
FreeNAS has snapshots, which look interesting.

Need ideas for an offsite backup of our data, stored to a desktop PC at my house.
Work has 20/20Mb fibre, I have 20/5Mb VDSL.
Something like a Debian base, Proxmox 6 running VMs of FreeNAS storing data with ZFS snapshots, and Server 2019 for Active Directory system state restore if needed.
 
Did he have RDP enabled to his server from the net?
 
Anyone have FSRM with a blocking list enabled on their servers?

Have you had any issues?
 