Information Request for mitigating Ransomware attack

Scholar


Hello Friends,

Currently, we have an active ongoing ransomware attack that we are trying to mitigate.

One server is already infected, and there are two other servers on which we are trying to stop the encryption process.

Does anyone have any information on how to mitigate this attack?

Appreciate your assistance in advance.

Regards,

1 ACCEPTED SOLUTION
Community Manager

Re: Information Request for mitigating Ransomware attack

Hi AUICTeam,

Please have a look at our KB article here on how to respond to and recover from a ransomware attack.
Scholar

Re: Information Request for mitigating Ransomware attack

Hello Laksh,

Thank you for the response.

Superuser

Re: Information Request for mitigating Ransomware attack

> One server is already infected, and there are two other servers on which we are trying to stop the encryption process.

Usually servers are not infected, per se, since working by locally logging in to a server computer is not recommended practice. What usually happens is:

- Server has public-net-visible remote access enabled with a weak password. Some hackers, usually from India, find it and log in, install a legitimate crypto suite (so that no AV alert is generated), encrypt all the data and leave behind a ransom note. This victimization scenario is surprisingly frequent, e.g. in Hungary.

- A workstation used by an admin-rights account is infected with ransomware, and it encrypts local drives, accessible network drives (including shares on the server) and cloud storage sites that have been forgotten in a logged-in state, as well as backups that haven't been removed and remained online.

AFAIK, this is by far the most prevalent victimization scenario (and a competitor has already developed a fileserver-specific AV solution to protect against this kind of mishap).

- Rarely, a workstation is infected with such a ransomware that can spread in a worm-like manner over the LAN and also infects the server OS. I think this is a rather rare occurrence, however.

Best Regards: Tamas Feher, Hungary.
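Added example, not part of this thread or of any vendor product: the second scenario above (one account on a workstation rewriting many files on a server share in a short time) leaves a pattern in file-server audit events that a defender can catch and act on while encryption is still running, by disconnecting the named session and host. The audit record layout, the account and host names and the `.locked` extension are all constructed for the example.

```python
import os
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Audit events as (timestamp, account, source host, action, path). These are
# constructed for the example; a real feed would be file-server object-access
# or file-integrity audit logs. The ".locked" extension is an assumption.
def make_events():
    t0 = datetime(2020, 3, 1, 9, 0, 0)
    events = []
    # Normal activity: one user edits a few reports over several minutes.
    for i in range(5):
        events.append((t0 + timedelta(minutes=i), "CORP\\alice", "WS-ALICE",
                       "WRITE", f"\\\\FS01\\share\\reports\\q{i}.xlsx"))
    # Encryption-like activity: a workstation rewrites 40 files in 20 seconds,
    # each keeping its original extension under a newly appended one.
    for i in range(40):
        events.append((t0 + timedelta(seconds=i // 2), "CORP\\bob", "WS-BOB",
                       "RENAME", f"\\\\FS01\\share\\finance\\doc{i}.docx.locked"))
    return events

def rewrote_with_new_extension(path):
    """True for names like doc.docx.locked: the original extension survives
    under an appended one. Heuristic only; archives such as .tar.gz also match."""
    stem, outer = os.path.splitext(path)
    inner = os.path.splitext(stem)[1]
    return bool(outer) and bool(inner)

def flag_mass_encryption(events, window=timedelta(seconds=60), threshold=20):
    """Return {account: (host, peak)} for accounts that rewrote at least
    `threshold` files with appended extensions inside any `window`; peak is
    the largest count seen in one window."""
    recent = defaultdict(deque)   # account -> timestamps of suspicious writes
    flagged = {}
    for ts, account, host, _action, path in sorted(events):
        if not rewrote_with_new_extension(path):
            continue
        q = recent[account]
        q.append(ts)
        while ts - q[0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            peak = max(len(q), flagged.get(account, (host, 0))[1])
            flagged[account] = (host, peak)
    return flagged

if __name__ == "__main__":
    for account, (host, peak) in flag_mass_encryption(make_events()).items():
        print(f"isolate {host}: {account} rewrote {peak} files within 60s")
```

The threshold and window are starting points; tune them against a day of normal audit volume so that scripted backups or bulk migrations by known service accounts do not trip the check.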