New Ransomware attack "Bad Rabbit"

I had a customer hit twice in the past two weeks by ransomware (different variants of the same ransomware each time, but not related to the one mentioned here), and neither time did his antivirus (Norton Internet Security) detect anything. Heuristic detection of ransomware is something I would expect to be easier to achieve - any unsigned executable trying to access everything on your hard disk should trigger some alarm. Somehow, they still manage to stay under the radar :(

The customer got infected twice because I failed to locate the attack vector the first time - I caught it the second time, however, thanks to the Windows event logs still being accessible. His attack vector was an exposed Remote Desktop (the customer always refused to have a VPN implemented as it would be too complicated - he once asked me if it was absolutely necessary to have a password on his email account when I created a new email account for him a few years ago :( )

A few years ago, another customer got hit by ransomware. That time, Trend Micro Worry-Free Security caught it after it had infected a couple of folders, greatly limiting the damage.

My first ransomware victim was running a cloud-based McAfee solution (from their previous IT consultant). After the incident, the manager had me move all their employees from Internet Explorer to Firefox (ActiveX was a big attack vector at the time, and she asked me for mitigation propositions), and the McAfee solution got thrown away and replaced by Eset Endpoint Security.

So overall, not too many victims among my own customers, and each time they were saved by their backups.

So anyone still not using backup solutions, even at home - you REALLY should...
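The post above found the attack vector (an exposed Remote Desktop) by reading the Windows event logs after the fact. As an added example, not code from the original post or from any product mentioned in the thread, here is a small Python triage of the two Security log signals that reveal that pattern: failed logons (EventID 4625) with LogonType 10 (RemoteInteractive, i.e. RDP) from one remote address, followed by a successful logon (EventID 4624, LogonType 10) from the same address. The records are a constructed, simplified whitespace-separated export (timestamp, EventID, LogonType, TargetUserName, IpAddress) using documentation IP ranges; real exports (EVTX, XML or CSV from Event Viewer) would need a different parser, and the 5-failures-in-15-minutes threshold is an assumed tuning value.

```python
"""Triage constructed Windows Security log records for an exposed-RDP compromise.

Signals used (real Windows Security event semantics):
  EventID 4625 = failed logon, EventID 4624 = successful logon,
  LogonType 10  = RemoteInteractive (RDP).
The record format below is a constructed, simplified export, not a real EVTX dump.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: timestamp EventID LogonType TargetUserName IpAddress
# (IPs are from the RFC 5737 documentation ranges; no real customer data).
SAMPLE_LOG = """\
2017-10-24T23:58:10 4624 2 alice 127.0.0.1
2017-10-25T02:14:03 4625 10 administrator 203.0.113.45
2017-10-25T02:14:05 4625 10 admin 203.0.113.45
2017-10-25T02:14:07 4625 10 backup 203.0.113.45
2017-10-25T02:14:09 4625 10 scanner 203.0.113.45
2017-10-25T02:14:12 4625 10 support 203.0.113.45
2017-10-25T02:14:15 4625 10 bob 203.0.113.45
2017-10-25T02:16:40 4624 10 bob 203.0.113.45
2017-10-25T08:01:00 4625 10 alice 198.51.100.7
2017-10-25T08:03:30 4624 10 alice 198.51.100.7
"""


def parse_log(text):
    """Parse the simplified export into a list of event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, event_id, logon_type, user, ip = line.split()
        events.append({
            "time": datetime.fromisoformat(ts),
            "id": int(event_id),
            "logon_type": int(logon_type),
            "user": user,
            "ip": ip,
        })
    return events


def rdp_logon_sources(events):
    """Every address that completed an RDP (LogonType 10) logon.

    Any public address here means Remote Desktop is reachable from the
    Internet, which is the exposure itself, brute force or not.
    """
    return {e["ip"] for e in events if e["id"] == 4624 and e["logon_type"] == 10}


def find_rdp_brute_force_success(events, threshold=5, window=timedelta(minutes=15)):
    """Flag successful RDP logons preceded by a burst of failed RDP logons.

    Assumed tuning: at least `threshold` 4625/type-10 events from the same
    IpAddress within `window` before a 4624/type-10 event from that address.
    """
    failures = defaultdict(list)  # ip -> timestamps of failed RDP logons
    hits = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["logon_type"] != 10:
            continue
        if e["id"] == 4625:
            failures[e["ip"]].append(e["time"])
        elif e["id"] == 4624:
            recent = [t for t in failures[e["ip"]] if e["time"] - t <= window]
            if len(recent) >= threshold:
                hits.append({
                    "ip": e["ip"],
                    "user": e["user"],
                    "failures": len(recent),
                    "first_failure": recent[0].isoformat(),
                    "success_time": e["time"].isoformat(),
                })
    return hits


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("RDP logon sources:", sorted(rdp_logon_sources(evts)))
    for hit in find_rdp_brute_force_success(evts):
        print("Likely brute-forced RDP account:", hit)
```

In the constructed sample, 203.0.113.45 fails six times in two minutes and then logs in as bob, which is flagged; 198.51.100.7 shows one failure followed by a success (a plausible typo by a legitimate remote user) and stays below the threshold, but both addresses still appear in the exposure list, because the point the post makes is that the service should not have been reachable from the Internet at all.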
Recently I had a demo of the Sophos product "Intercept X" - they analyze the behavior of a program and can detect ransomware by its way of accessing (or encrypting) things - to me it was quite convincing how they detect AND roll back the ransomware's actions (and it's developed in my home country)!