Marcos (Administrator), posted October 19, 2018

Quote: 17 minutes ago, amirhrezaei said: Any solution???

There's no solution. Prevention is crucial.

1. Back up, back up, back up.
2. Install all critical Windows updates.
3. Make sure that you have the latest version of an ESET product installed.
4. Do not disable any protection features or add exclusions if not really needed.
5. Set a password to protect ESET's settings.
6. Enable detection of potentially unsafe applications.
7. Block RDP access from outside and use a VPN. Alternatively, you can use 2FA and/or restrict RDP access to specific IP addresses.
8. Use more sophisticated passwords, especially for users with RDP access.
9. Practice safe computing.
Carlos Araujo, posted October 30, 2018

How did NOD32 not stop the infection on my servers? All data, all backups.
Marcos (Administrator), posted October 30, 2018

Quote: 2 hours ago, Carlos Araujo said: How did NOD32 not stop the infection on my servers? All data, all backups.

It is typical of ransomware attacks that attackers misuse RDP to connect to a machine, disable or uninstall the AV, and only then run ransomware to encrypt files. Make sure that:

- important data is backed up on a regular basis
- security updates for the OS and other programs are installed regularly
- your AV is kept updated (both the modules and the program itself)
- you practice safe computing
- RDP is locked down to access from your internal network only, with a VPN used instead (alternatively, you can use 2FA or restrict RDP to specific IP addresses on a firewall)
- a password is set to prevent the AV from being modified or uninstalled
- detection of potentially unsafe applications is enabled
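The RDP hardening that Marcos recommends in both of his posts above (block RDP from outside, allow it only from the internal network or VPN, restrict it to specific IP addresses on a firewall) can be applied on the Windows host itself with the built-in firewall. The following PowerShell is an added example and is not code from the forum thread or from ESET; the VPN subnet (10.8.0.0/24), the rule name and the use of the default port 3389 are assumptions to adjust for your environment. Run it in an elevated session.

```powershell
# Added example (not from the ESET forum post): restrict inbound RDP (TCP 3389)
# to a management/VPN subnet using the Windows firewall, then require NLA.
# The subnet, the rule name and port 3389 are assumptions for this example.
$AllowedSources = @('10.8.0.0/24')   # assumed VPN client pool / internal admin network
$RuleName       = 'RDP - allow from VPN subnet only'

# 1. Disable every built-in inbound rule in the "Remote Desktop" group; those
#    rules allow RDP from any remote address once Remote Desktop is enabled.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    Disable-NetFirewallRule

# 2. Create a single explicit allow rule scoped to the permitted source addresses.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 3389 -RemoteAddress $AllowedSources -Profile Any |
        Out-Null
}

# 3. Require Network Level Authentication so the client must authenticate
#    before a full session (and its attack surface) is created.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
    -Name 'UserAuthentication' -Value 1 -Type DWord

# 4. Verify: list every enabled inbound allow rule that still opens 3389 and
#    the remote scope it accepts. Anything other than the rule created above,
#    or a scope of "Any", means RDP is still reachable more widely than intended.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '3389' } |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        '{0} <- {1}' -f $_.DisplayName, $remote
    }
```

Two caveats before running this on a production server: if your own session is an RDP connection from an address outside the allowed list, step 1 will disconnect you, so apply it from the console, from the VPN, or through remote management that does not go over 3389; and a host firewall only filters traffic that already reaches the machine, so the same restriction should also exist on the perimeter firewall, as the post suggests, rather than relying on the host alone. A password on the AV settings (item 5 and the last two bullets above) matters here precisely because an attacker who does get an RDP session will try to turn the firewall rules and the AV off before dropping the ransomware.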
Nightowl (Most Valued Member), posted October 30, 2018

@Marcos, but still, like EternalBlue, which was exploited by the NSA: it was an exploit that was found and used by the NSA for a good time, while Microsoft was never able to realize that they had this security hole in their systems, and the NSA never reported the exploit until it was leaked and used by hackers.

Quote: According to Microsoft, it was the US's NSA that was responsible, by dint of its controversial strategy of "stockpiling of vulnerabilities", for, at the least, preventing Microsoft from timely public patching of this, and presumably other, hidden bugs.[19][20]

What could protect the user from something like this?
Carlos Araujo, posted October 30, 2018

Can these RSA machine keys help me?
Nightowl (Most Valued Member), posted October 30, 2018

@Carlos Araujo, "The MachineKeys folder stores certificate pair keys for both the computer and users. Both Certificate services and Internet Explorer use this folder." I don't think those certificates have anything to do with the ransomware, whether it was WannaCry or the Gamma one.
Carlos Araujo, posted October 30, 2018

Quote: 3 minutes ago, Rami said: @Carlos Araujo, "The MachineKeys folder stores certificate pair keys for both the computer and users. Both Certificate services and Internet Explorer use this folder." I don't think those certificates have anything to do with the ransomware, whether it was WannaCry or the Gamma one.

OK. Thank you.