Ransomware 2018

  • Hey, FYI, one of my clients got attacked September 17th at 9am. All their files were encrypted and renamed with the file extension crypted_miatellog@aol_com. Links and shortcuts were changed, the registry was changed, and shortcuts no longer worked. Just giving everyone out here a heads up. This one is not only encrypting files but taking the computer with it.


  • Hopefully the client has backups that can be used to recover.

  • I think most take the computer with it if allowed to run long enough.

  • @scottalanmiller said in Ransomware 2018:

    I think most take the computer with it if allowed to run long enough.

    Because the extent is not fully known, yeah, you just reinstall Windows. Although customers with Sophos Intercept X have had a great experience.

  • Ransomware is not fun.

    NotPetya damages were in the 10 billion range. One enterprise I work for at times was down for weeks. Having backup is not enough - you need to be able to access your backup too. When everything is down you don't have any computers to access anything with. Sure you can reinstall but where are your image files? When you do have computers you have no DHCP, no DNS, no AD etc. You have no internet access, no email, no phones. Yeah, backup is not enough. You need an elaborate emergency plan.
