Jump to content

About Ransomware AES-NI


Recommended Posts

Hi all member Eset Forum!
I use Eset smart Security have licence to 8/2017.But Eset Smart Security not find Ransomware AES-NI. I think Eset database not have tool find Ransomware AES-NI.Now all data in my pc not recover again.

Link to comment
Share on other sites

  • Administrators

As far as I know, this Filecoder is run manually by an attacker after remoting in via RDP for instance. Therefore besides upgrading to v10 which contains ransowmare protection module, you should also consider disabling RDP or at least securing it.

Link to comment
Share on other sites

More info on this ransomware here: https://www.bleepingcomputer.com/news/security/aes-ni-ransomware-dev-claims-hes-using-shadow-brokers-exploits/

Note that malware developer was bragging about using the recently disclosed Shadow Broker exploits so I do hope your PC has been applying Win OS and MS software security updates as soon as they are offered via Win Update processing. Most security researches as noted in the posted link reference doubt developer's claim and as Marcos stated believe this malware was delivered via RDP brute force attack. In any case, make sure your PC is fully patched.

Link to comment
Share on other sites

20 hours ago, Marcos said:

As far as I know, this Filecoder is run manually by an attacker after remoting in via RDP for instance. Therefore besides upgrading to v10 which contains ransowmare protection module, you should also consider disabling RDP or at least securing it.

 

 

1 hour ago, itman said:

More info on this ransomware here: https://www.bleepingcomputer.com/news/security/aes-ni-ransomware-dev-claims-hes-using-shadow-brokers-exploits/

Note that malware developer was bragging about using the recently disclosed Shadow Broker exploits so I do hope your PC has been applying Win OS and MS software security updates as soon as they are offered via Win Update processing. Most security researches as noted in the posted link reference doubt developer's claim and as Marcos stated believe this malware was delivered via RDP brute force attack. In any case, make sure your PC is fully patched.

Thanks for help me! 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...