nitop

  1. Is there any information available on which way GlobeImposter 2.0 uses to get active? I read about a possibility after RDP login attacks. A system in our datacenter, which is affected by GlobeImposter 2.0, is only available through a VPN tunnel to the customer and directly via NAT from our office location. Our local network has been scanned without any infection found. Although I guess more systems in our datacenter would be affected if our office network were irrupted. The affected system is a Windows Server 2012 R2, which was 99% up to date and used for remote desktop services. The ransomware started encrypting files this Monday (19th June). Only one Windows update was missing (KB4022726 monthly rollup). The update was released on 9th June and got installed on 14th, so we have just a time frame of five days not running with the most recent Windows updates.

     CollectStrategy.host CollectStrategy.host.FIXI DeviceModel.host DeviceModel.host.FIXI how_to_back_files.html