Ransomware / Crypto Problems

“Hello Andy, our Document Management System isn’t working correctly.”

“OK, let me remote in and take a look. Can you allow me to connect?”

I connected to the user’s PC, looked at the data, and took a deep breath… All of their files, regardless of file type, now ended in “.adobe”.

Upon further inspection, I found evidence of a ransomware attack. The first thing I asked about was their backups. Unfortunately, their backup system used “live” storage, i.e., their backup media was always attached to the infected server. You guessed it: their backups were compromised as well.

I scanned each computer on their network, cleaning up anything I found. None of the computers caused the problem. I connected to each of the virtual servers and discovered that one of the servers had RDP open and someone was connected. I found the problem!

Long story short:

  1. Make sure remote access to your computers is not left enabled. If you trust someone, allow them to remote in to your computer only when you give permission.
  2. Make sure that your backup media is disconnected after your data is backed up, or use an online cloud-based backup service.
  3. Make sure you are using effective passwords (see this article).

If you want to protect yourself and/or your business against ransomware, please give us a call: 936.559.7797
