13 hours ago, Dorrick said:

Also, any ideas how we got infected with Emsisoft running on this machine?

Please note that without any logs (or at least knowing what ransomware it is), all I can do is speculate. Usually (especially with businesses) it happens when an attacker brute-forces a password for an account via an open RDP port, remotely connects to a workstation/server, manually disables the anti-virus software and any other security in place, and then manually executes the ransomware on the compromised computer. Usually once they have this kind of access to one system on the network, gaining access to the rest is trivial, even if the account credentials they have access to don't work on every computer on the network. They also usually look for and destroy any backups that are accessible from the workstations/servers they gain access to.


14 hours ago, Dorrick said:

Any ideas what it is and how we get rid of it?

Most ransomware deletes itself after executing; however, we need to identify it before we can tell you anything more about it. I recommend uploading a copy of the ransom note and an encrypted file to ID Ransomware so that you can see what they say it is:
https://id-ransomware.malwarehunterteam.com/

You can paste the link to the results here if you'd like for me to review them as well.
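As an added example (not from the original thread), this is defender-side detection logic for the first step of the chain described above: a run of failed RDP logons followed by a success from the same source address. The log lines are constructed in a simplified one-line format rather than real Windows event text; event IDs 4625/4624 and logon type 10 are the standard Windows Security-log values, and the threshold of five failures is an assumed tuning value.

```python
import re
from collections import defaultdict

# Constructed sample Security-log lines (added example, not from the original post),
# flattened to one line each: timestamp, event ID, logon type, account, source address.
# 4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    "2021-03-01T02:14:05 4625 LogonType=10 Account=Administrator SrcIP=203.0.113.45",
    "2021-03-01T02:14:06 4625 LogonType=10 Account=Administrator SrcIP=203.0.113.45",
    "2021-03-01T02:14:07 4625 LogonType=10 Account=admin SrcIP=203.0.113.45",
    "2021-03-01T02:14:08 4625 LogonType=10 Account=Administrator SrcIP=203.0.113.45",
    "2021-03-01T02:14:09 4625 LogonType=10 Account=Administrator SrcIP=203.0.113.45",
    "2021-03-01T02:14:11 4624 LogonType=10 Account=Administrator SrcIP=203.0.113.45",
    "2021-03-01T08:01:00 4625 LogonType=10 Account=jsmith SrcIP=192.0.2.10",
    "2021-03-01T08:01:20 4624 LogonType=10 Account=jsmith SrcIP=192.0.2.10",
    "2021-03-01T08:05:00 4625 LogonType=3 Account=svc_backup SrcIP=198.51.100.7",
]

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event_id>\d{4}) LogonType=(?P<logon_type>\d+) "
    r"Account=(?P<account>\S+) SrcIP=(?P<src_ip>\S+)$"
)

def parse_event(line):
    """Return the fields of one constructed log line as a dict, or None if it does not match."""
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None

def find_rdp_bruteforce_success(lines, threshold=5):
    """Flag RDP successes preceded by >= threshold RDP failures from the same source IP."""
    failures = defaultdict(int)  # running count of type-10 failures per source IP
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["logon_type"] != "10":
            continue  # malformed line or non-RDP logon (e.g. type 3 network logon)
        if ev["event_id"] == "4625":
            failures[ev["src_ip"]] += 1
        elif ev["event_id"] == "4624":
            if failures[ev["src_ip"]] >= threshold:
                alerts.append({"src_ip": ev["src_ip"], "account": ev["account"],
                               "failures": failures[ev["src_ip"]], "time": ev["ts"]})
            failures[ev["src_ip"]] = 0  # a success ends the current run of failures
    return alerts

if __name__ == "__main__":
    for a in find_rdp_bruteforce_success(SAMPLE_EVENTS):
        print(f"{a['time']} {a['src_ip']} logged in as {a['account']} after {a['failures']} failures")
```

On the sample data only the 203.0.113.45 session is flagged; the single failure from 192.0.2.10 and the type-3 network failure are left alone, which is the distinction a real alert would need to make to avoid paging on ordinary mistyped passwords.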
