
Information Request for mitigating Ransomware attack

AUICTeam
AUICTeam Member Posts: 2 Junior Protector

Hello Friends,

Currently we have an active, ongoing ransomware attack that we are trying to mitigate.

One server is already infected, and there are two other servers on which we are trying to stop the encryption process.

Does anyone have any information on how to mitigate this attack?

Appreciate your assistance in advance.

Regards,

Comments

  • AUICTeam
    AUICTeam Member Posts: 2 Junior Protector

    Hello Laksh,

    Thank you for the response.

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    > One server is already infected, and there are two other servers on which we are trying to stop the encryption process.

    Usually servers are not infected per se, since working by logging in locally to a server computer is not recommended practice. What usually happens is:

    - The server has remote access visible from the public internet, enabled with a weak password. Some hackers, usually from India, find it and log in, install a legitimate crypto suite (so that no AV alert is generated), encrypt all the data and leave behind a ransom note. This victimization scenario is surprisingly frequent, e.g. in Hungary.

    - A workstation used by an account with admin rights is infected with ransomware, and it encrypts local drives, accessible network drives (including shares on the server) and cloud storage sites that have been left in a logged-in state, as well as backups that haven't been taken offline and have remained online.

    AFAIK, this is by far the most prevalent victimization scenario (and a competitor has already developed a file-server-specific AV solution to protect against this kind of mishap).

    - Rarely, a workstation is infected with a ransomware that can spread in a worm-like manner over the LAN and also infects the server OS. I think this is a rather rare occurrence, however.

    Best Regards: Tamas Feher, Hungary.
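For the second scenario above (a workstation with an admin-rights account encrypting shares on the server), the first practical question is which account and client host is doing the writing, so that its session can be closed and the host isolated while the two remaining servers are still reachable. Below is an added example, not code from this thread or from any vendor mentioned in it: a Python script that scans a constructed file-server audit trail for a principal that, within a short window, renames many files to an extension the share has not seen before or drops ransom-note-like files in every folder it touches. The record layout, the thresholds (60-second window, five files), the known-extension list and the note-name regex are all assumptions chosen for illustration.

```python
"""
Spot a principal mass-encrypting a file share from file-server audit records.
Added example for the infected-workstation scenario; not code from the thread.
Record layout, thresholds and the note heuristic are assumptions, not a vendor format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import List

# Constructed sample audit trail (not real data), one record per line:
#   <ISO timestamp> <account> <client IP> <operation> <UNC path>
# Users touch a few files each; then one workstation account renames many
# files to an unknown extension and drops a note in every folder it visits.
SAMPLE_LOG = """\
2024-03-01T09:00:01 CORP\\alice 10.0.5.21 WRITE \\\\FS01\\Finance\\Q1\\budget.xlsx
2024-03-01T09:00:09 CORP\\bob 10.0.5.33 WRITE \\\\FS01\\HR\\onboarding.docx
2024-03-01T09:00:15 CORP\\alice 10.0.5.21 WRITE \\\\FS01\\Finance\\Q1\\forecast.xlsx
2024-03-01T09:02:00 CORP\\svc-backup 10.0.5.9 READ \\\\FS01\\Finance\\Q1\\budget.xlsx
2024-03-01T09:05:00 CORP\\carol 10.0.5.77 RENAME \\\\FS01\\Finance\\Q1\\budget.xlsx.locked
2024-03-01T09:05:00 CORP\\carol 10.0.5.77 RENAME \\\\FS01\\Finance\\Q1\\forecast.xlsx.locked
2024-03-01T09:05:01 CORP\\carol 10.0.5.77 WRITE \\\\FS01\\Finance\\Q1\\HOW_TO_RECOVER.txt
2024-03-01T09:05:01 CORP\\carol 10.0.5.77 RENAME \\\\FS01\\HR\\onboarding.docx.locked
2024-03-01T09:05:02 CORP\\carol 10.0.5.77 RENAME \\\\FS01\\HR\\payroll.xlsx.locked
2024-03-01T09:05:02 CORP\\carol 10.0.5.77 WRITE \\\\FS01\\HR\\HOW_TO_RECOVER.txt
2024-03-01T09:05:03 CORP\\carol 10.0.5.77 RENAME \\\\FS01\\Legal\\contract.pdf.locked
2024-03-01T09:05:03 CORP\\carol 10.0.5.77 RENAME \\\\FS01\\Legal\\nda.docx.locked
2024-03-01T09:05:04 CORP\\carol 10.0.5.77 WRITE \\\\FS01\\Legal\\HOW_TO_RECOVER.txt
"""

WINDOW = timedelta(seconds=60)       # assumption: burst window per principal
BURST_THRESHOLD = 5                  # assumption: distinct files in one window
KNOWN_EXTENSIONS = {".xlsx", ".docx", ".pptx", ".pdf", ".csv", ".txt"}  # assumption: share baseline
NOTE_PATTERN = re.compile(r"how_to|readme|recover|decrypt|restore", re.I)  # assumption
MODIFYING_OPS = {"WRITE", "RENAME", "CREATE", "DELETE"}   # a READ alone encrypts nothing


def parse_records(text: str) -> list:
    """Parse audit lines into (timestamp, account, ip, op, path), oldest first."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, ip, op, path = line.split(maxsplit=4)
        records.append((datetime.fromisoformat(ts), account, ip, op.upper(), path))
    records.sort(key=lambda r: r[0])
    return records


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def _extension(path: str) -> str:
    name = _basename(path)
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def find_encryptors(text: str) -> List[dict]:
    """One finding per (account, client IP) whose modifications inside some WINDOW
    look like bulk encryption: many files gaining an extension outside the baseline,
    or ransom-note-like files dropped alongside a burst of modifications."""
    by_principal = defaultdict(list)
    for rec in parse_records(text):
        if rec[3] in MODIFYING_OPS:
            by_principal[(rec[1], rec[2])].append(rec)

    findings = []
    for (account, ip), recs in by_principal.items():
        best, left = None, 0
        for right in range(len(recs)):
            while recs[right][0] - recs[left][0] > WINDOW:   # keep window <= WINDOW
                left += 1
            files = {r[4] for r in recs[left:right + 1]}
            odd = sorted(p for p in files if _extension(p) not in KNOWN_EXTENSIONS)
            notes = sorted(p for p in files if NOTE_PATTERN.search(_basename(p)))
            if len(odd) >= BURST_THRESHOLD or (notes and len(files) >= BURST_THRESHOLD):
                if best is None or len(files) > best["files_touched"]:
                    best = {"account": account, "client_ip": ip,
                            "window_start": recs[left][0].isoformat(),
                            "files_touched": len(files),
                            "unknown_extension_files": odd, "ransom_notes": notes}
        if best is not None:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in find_encryptors(SAMPLE_LOG):
        print(f"Likely encryptor: {f['account']} from {f['client_ip']} since "
              f"{f['window_start']}: {f['files_touched']} files, "
              f"{len(f['unknown_extension_files'])} with unknown extension, "
              f"{len(f['ransom_notes'])} note(s)")
        print("  -> disable the account, close its SMB session on the file server, isolate the host")
```

On a live server the input would be the share's file-access audit log (object-access events such as Windows Event ID 4663, or Samba's vfs_full_audit output) rather than the embedded sample, and the thresholds need tuning against a baseline of normal activity: a legitimate bulk rename or a backup job rewriting many files in one minute trips the same rule. Once the account and client IP are known, disabling the account and closing its session on the file server stops further encryption of that share while the infected workstation is pulled off the network; the fact that the backup service account only reads is exactly why its records are excluded above.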

This discussion has been closed.
