About Ransomware AES-NI


Hi all members of the ESET Forum!
I use ESET Smart Security with a licence to 8/2017. But ESET Smart Security did not find the AES-NI ransomware. I think the ESET database does not have a tool to find the AES-NI ransomware. Now all the data on my PC cannot be recovered.


  • Administrators

As far as I know, this Filecoder is run manually by an attacker after remoting in via RDP, for instance. Therefore, besides upgrading to v10, which contains a ransomware protection module, you should also consider disabling RDP or at least securing it.


More info on this ransomware here: https://www.bleepingcomputer.com/news/security/aes-ni-ransomware-dev-claims-hes-using-shadow-brokers-exploits/

Note that the malware developer was bragging about using the recently disclosed Shadow Brokers exploits, so I do hope your PC has been applying Win OS and MS software security updates as soon as they are offered via Win Update processing. Most security researchers, as noted in the posted link reference, doubt the developer's claim and, as Marcos stated, believe this malware was delivered via RDP brute force attack. In any case, make sure your PC is fully patched.
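An added example, not part of the original posts and not ESET tooling: a check for the RDP brute-force pattern mentioned above, run over failed and successful logon records. It assumes a constructed CSV export (time, event ID, logon type, source IP, account) of Windows Security log events 4625 (failed logon) and 4624 (successful logon) with logon types 3 and 10; the threshold and window are arbitrary starting values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not from a real host):
# time, event ID, logon type, source IP, account
SAMPLE = """\
2017-04-20T02:10:01,4625,3,203.0.113.7,administrator
2017-04-20T02:10:04,4625,3,203.0.113.7,admin
2017-04-20T02:10:09,4625,3,203.0.113.7,administrator
2017-04-20T02:10:15,4625,3,203.0.113.7,backup
2017-04-20T02:10:22,4625,3,203.0.113.7,administrator
2017-04-20T02:10:30,4625,3,203.0.113.7,administrator
2017-04-20T02:11:02,4624,10,203.0.113.7,administrator
2017-04-20T08:30:11,4625,10,198.51.100.20,alice
2017-04-20T08:30:40,4624,10,198.51.100.20,alice
2017-04-20T09:00:00,4625,2,-,bob
"""

FAILED, SUCCESS = 4625, 4624
REMOTE_TYPES = {3, 10}  # 3 = network (RDP with NLA), 10 = remote interactive

def parse(text):
    """Yield (time, event_id, logon_type, source_ip, account) tuples."""
    for line in text.strip().splitlines():
        ts, eid, ltype, ip, user = line.split(",")
        yield datetime.fromisoformat(ts), int(eid), int(ltype), ip, user

def find_bruteforce(text, threshold=5, window=timedelta(minutes=2)):
    """Flag sources with >= threshold failed remote logons inside the window.

    'logons_after' lists accounts that then logged on successfully from the
    same source, which is the case that needs immediate incident response.
    """
    recent = defaultdict(deque)  # source IP -> failure times inside the window
    findings = {}
    for ts, eid, ltype, ip, user in sorted(parse(text)):
        if ltype not in REMOTE_TYPES:
            continue  # ignore console and other local logon types
        if eid == FAILED:
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(ip, {"peak_failures": 0, "logons_after": []})
                f["peak_failures"] = max(f["peak_failures"], len(q))
        elif eid == SUCCESS and ip in findings:
            findings[ip]["logons_after"].append(user)
    return findings
```

A flagged source with a non-empty `logons_after` list means a guessed password worked; a single mistyped password followed by a logon, as in the second source of the sample, is not flagged.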


20 hours ago, Marcos said:

As far as I know, this Filecoder is run manually by an attacker after remoting in via RDP, for instance. Therefore, besides upgrading to v10, which contains a ransomware protection module, you should also consider disabling RDP or at least securing it.

1 hour ago, itman said:

More info on this ransomware here: https://www.bleepingcomputer.com/news/security/aes-ni-ransomware-dev-claims-hes-using-shadow-brokers-exploits/

Note that the malware developer was bragging about using the recently disclosed Shadow Brokers exploits, so I do hope your PC has been applying Win OS and MS software security updates as soon as they are offered via Win Update processing. Most security researchers, as noted in the posted link reference, doubt the developer's claim and, as Marcos stated, believe this malware was delivered via RDP brute force attack. In any case, make sure your PC is fully patched.

Thanks for helping me!
