
ESET and ransomware protection


novice


From time to time I check the forum, and I am surprised to see people infected by ransomware, even though ESET has a dedicated "Antiransomware module".

The latest case:

 

Rans.jpg


  • Administrators

I don't find it surprising if attackers manage to remote in via RDP and with admin rights disable protection or uninstall the AV. Speaking about the Ransomware shield, it's only a part of consumer products. As for Endpoint, v7 will be the first version that will have it included.


Guest sindbad

@Marcos right now we enable ESET LiveGrid so we are protected against ransomware, right? When v7 gets released, we have ESET LiveGrid + Ransomware Shield to enable?


42 minutes ago, sindbad said:

@Marcos right now we enable ESET LiveGrid so we are protected against ransomware, right? When v7 gets released, we have ESET LiveGrid + Ransomware Shield to enable?

I'm not an expert like Marcos, but it should be sufficient for current ransomware and for future ransomware that has traits or behaviour similar to existing ransomware, if your RDP is not compromised. Set an uninstallation password to prevent the endpoint AV from being removed or disabled.

Again, no AV can ever protect 100% from such ransomware, as hackers are also human, and they can modify and test their software until it cannot be traced. And even antivirus has its own limitations, especially when it comes to known OS and firmware vulnerabilities that have already been patched via an OS / firmware update but where the user did not patch their system, which leads to it being exploited by cyber criminals.

So patch your systems, keep your AV updated, and educate your users. And even if you practice all of this, you are already secured up to 90%; reaching 100% protection is impossible.

Additional note: I remember seeing somewhere in this forum somebody asking how to strengthen their protection with HIPS rules. If the mentioned steps are relevant to you, you might want to apply them to your HIPS rules.


  • Administrators
4 hours ago, sindbad said:

@Marcos right now we enable ESET LiveGrid so we are protected against ransomware, right? When v7 gets released, we have ESET LiveGrid + Ransomware Shield to enable?

In order to improve protection, besides installing all critical and security patches, harden RDP. If it's a network with more computers, consider using VPN, 2FA, etc. Also set a password to protect ESET's settings and enable detection of potentially unsafe applications to prevent possible attackers from running tools that install a driver; with administrator rights they can kill security software and subsequently run ransomware to encrypt files. Most importantly, back up important files on a regular basis and keep the backup separate from machines.
