Mick Maidens

Member
  • Content Count

    2
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Mick Maidens

  • Rank
    New Member
  1. Hi Arthur, Yes I had already read that post on securing any RDP access. We already require VPN for remote access but it did occur to me that someone cold possibly have brute forced the router password and connected that way so i have also set that to allow remote only from one IP address. Having said that our suspicion is that a member of staff opened an infected email. on both occasions the day before the attacks myself and several members of staff received the "from the HMRC" email. Also only four computers were encrypted, both servers the backup manager PC and one client. Anyway that is an aside as there is no way to know as everything has been restored from cloud backup. My concern was just that i had your AV set up the optimum way. I am also thinking of adding a USB disconnect utility so that the USB backup drive is connected just before the backups and disconnected just after they finish. My thinking is that the data would be safe if the drive was disconnected (logically not physically). Also is there any benefit from running a complete scan on a Sunday? Any suggestions would be appreciated, thank you for your help.
  2. I have been hit by the latest version of Rapid Ransomware twice now. Each time we have done a complete restore from cloud backup. We used Kaspersky and the virus ignored it and encrypted everything around it. The Backup Management PC had Microsoft Defender running and the Virus ignored it and encrypted everything around it. In fact at one point i had the Defender screen up with a big tick in the Anti-Ransomware box and the legend "You need do nothing you are protected" with all the icons in the background encrypted (the entire machine was encrypted, again except the antivirus and basic OS). It also happily encrypted Malwarebytes (it did not ignore them) but i have since learned that their anti ransomware does not work on servers. So my question is what is the best configuration for your software to protect my Servers? I have set it to quarantine and email me and to run full scan twice a day. But even the full malware scan only seems to take 5 minutes. I am concerned I am missing something. My servers are running Windows SBS 2011 Premium. So 1 exchange and 1 SQL. Thanks for any advice.