 Zenis Ransomware


  • Administrators

Please email samples[at]eset.com and provide:
- logs collected by ELC
- a handful of examples of encrypted documents


Hello,

I do not have this problem yet; I was just trying to be proactive and see if I can do something to prevent it, such as installing an update to the product or something.

Sorry if I did not explain myself clearly enough.


  • Administrators

You can provide me with ELC logs for a review of your ESET configuration and I will tell you if there's anything you could do to improve protection. Also let me know if you use legitimate scripts (vbs, js, hta, ps) or if it's ok to block script execution with HIPS.


Lock down RDP access.

Quote

As previously stated, we do not know how the Zenis Ransomware is currently being distributed. Based on the elusiveness of the ransomware samples and comments from infected people, it could be distributed via hacked Remote Desktop services.

https://www.bleepingcomputer.com/news/security/zenis-ransomware-encrypts-your-data-and-deletes-your-backups/

Also according to bleepingcomputer.com, decryption of files is not possible.

Edited by itman

  • Administrators
18 minutes ago, itman said:

Also according to bleepingcomputer.com, decryption of files is not possible.

We've already decrypted files for several users :)


30 minutes ago, Marcos said:

We've already decrypted files for several users :)

Decrypted as protected, or decrypted per customer request?


37 minutes ago, Marcos said:

We've already decrypted files for several users :)

I stand corrected. I read the bleepingcomputer.com thread on the ransomware and someone did develop a decryptor. Perhaps Eset is "Demonslay335"?


15 hours ago, Marcos said:

You can provide me with ELC logs for a review of your ESET configuration and I will tell you if there's anything you could do to improve protection. Also let me know if you use legitimate scripts (vbs, js, hta, ps) or if it's ok to block script execution with HIPS.

Hello Marcos

Please see attached logs and let me know if I have collected them correctly. 

eea_logs.zip


  • Administrators
5 minutes ago, Orascu Vlad said:

Please see attached logs and let me know if I have collected them correctly.

ESET is basically configured with default settings, i.e. for maximum protection. I'd suggest removing all exclusions, since each creates a potential security hole where otherwise recognized malware can run undetected in excluded folders. Use exclusions only as a last resort if certain issues cannot be resolved even with the assistance of customer care.

If you don't plan to use scripts, you can create HIPS rules for cscript.exe, wscript.exe, mshta.exe, jave.exe and powershell.exe that will block execution or ask when a script attempts to be executed.

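As an added example (not from this thread or from ESET), the following PowerShell script checks the two controls discussed above on a Windows endpoint: whether RDP is exposed (itman's "lock down RDP access") and which script interpreters from Marcos' list are present and therefore candidates for a HIPS block/ask rule. It only reads standard registry values and firewall rules and reports; the ESET HIPS rules themselves are created in the product or its policy, not by this script. The thread's "jave.exe" is read here as java.exe, which is an assumption.

```powershell
# Added example (not from the thread or ESET): report whether the RDP and
# script-host controls discussed here are in place. Run from an elevated prompt.

function Get-RdpFindings {
    $findings = @()
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $ts = Get-ItemProperty -Path $tsKey
    if ($ts.fDenyTSConnections -eq 0) {
        $findings += 'RDP is enabled (fDenyTSConnections = 0); disable it or reach it only via VPN.'
        # Network Level Authentication is the minimum hardening if RDP must stay on
        $rdpTcp = Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp"
        if ($rdpTcp.UserAuthentication -ne 1) {
            $findings += 'Network Level Authentication is not required (UserAuthentication != 1).'
        }
        # Built-in "Remote Desktop" firewall rules that accept any remote address
        Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -ErrorAction SilentlyContinue |
            ForEach-Object {
                $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
                if ($remote -contains 'Any') {
                    $findings += "Firewall rule '$($_.DisplayName)' allows RDP from any address; scope it to management subnets."
                }
            }
    } else {
        $findings += 'RDP is disabled (fDenyTSConnections = 1).'
    }
    return $findings
}

function Get-ScriptHostFindings {
    # Interpreters named in Marcos' post; each one present is a candidate for a HIPS rule
    $hosts = 'cscript.exe', 'wscript.exe', 'mshta.exe', 'powershell.exe'
    $findings = @()
    foreach ($h in $hosts) {
        $path = Join-Path $env:SystemRoot "System32\$h"
        if (Test-Path $path) {
            $findings += "Script host present: $path (block or ask via HIPS if scripts are not needed)."
        }
    }
    # Assumption: the thread's "jave.exe" means java.exe, which lives outside System32
    $java = Get-Command java.exe -ErrorAction SilentlyContinue
    if ($java) { $findings += "java.exe found on PATH at $($java.Source)." }
    return $findings
}

Get-RdpFindings
Get-ScriptHostFindings
```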

3 hours ago, Marios Kontos said:

I have been affected with Zenis Ransomware. How can I proceed to decrypt my files?

Are you a registered Eset user? If not, I suggest you post your current situation in this bleepingcomputer.com thread: https://www.bleepingcomputer.com/forums/t/673319/zenis-ransomware-help-support-topic-zenis-zenis-instructionshtml/page-2?hl=%2Bzenis#entry4471645

Edited by itman

34 minutes ago, Marios Kontos said:

What do you mean by registered user? I am an endpoint corporate client.

See the prior posting above by @Marcos pertaining to sample submission, ELC logs, and encrypted documents.


6 hours ago, Marios Kontos said:

Find attached infected files. What else do you need?

Marios.rar

Hi, I'm just assisting them. Please also provide ELC (ESET Log Collector) logs; you can see how to use the ESET Log Collector in Marcos' signature.

Another thing: which country are you from? Call me an old-timer, but I do think having an ESET rep (a distributor or someone related to ESET) visit the site to assess the situation might in some way speed up the process.
