we have been using F-secure for many years.
on 12.09.2018 we found some of our mashines encripted by unknown Ranssomware giving .mammon extensions.
our internal ivestigation found several mashines infected trouh the local network
using administrative rights.
Infected mashines have Ranssomware executable called "system.exe" at c:\users\XXXX\Appdata\roaming /where "XXXX" is username having adminitrative rights on network and local machines/.
Ranssomware is encoding local files but any shared folders accesible trough the network.
yesterday we found basic description on
our report got registered as ref:_00Db0JXpV._5000X1Z5Ar5:ref
we are wondering why F-secure was not able to stop or reduce damages.
we are looking for 2 solutions:
1. how to get protected against any possible further attacs of that kind
2. how to recover / decrypt data that have not been backuped recently.