Jump to content

Recommended Posts

  • Administrators
17 minutes ago, amirhrezaei said:

Any solution???

There's no solution. Prevention is crutial.

1, Back up, back up, back up.
2. Install all critical Windows updates.
3, Make sure that you have the latest version of an ESET product installed.
4, Do not disable any protection features or exclusions, if not really needed.
5, Set a password to protect ESET's settings.
6, Enable detection of potentially unsafe applications.
7, Block RDP access from outside and use VPN. Alternatively you can use 2FA and / or restrict RDP access to specific IP addresses.
8, Use more sophisticated passwords, especially by users with RDP access.
9, Practice safe computing.

Link to post
Share on other sites
  • 2 weeks later...
  • Administrators
2 hours ago, Carlos Araujo said:

how did nod32 not stop the infection on my servers?

All data, all backups

It is typical of ransomware attacks that attackers misuse RDP to connect to a machine, disable or uninstall AV and only then run ransomware to encrypt files.
Make sure that:
- important data is backed up on a regular basis
- regularly install security updates for the OS and other programs
- keep your AV updated (both modules and the program itself)
- practice safe computing
- lock down RDP only for access from your internal network, use VPN instead (alternatively you can use 2FA or restrict RDP to specific IP addresses on a firewall)
- set a password to prevent the AV from being modified / uninstalled
- enable detection of potentially unsafe applications

Link to post
Share on other sites
  • Most Valued Members

@Marcos , But still like the Eternal Blue which was exploited by the NSA , It was an exploit that was found and been used by the NSA for a good time while Microsoft was never able to realize that they have this security exploit in their systems, still the NSA never reported about the exploit until it was leaked and used by hackers.

Quote

According to Microsoft, it was the US's NSA that was responsible, by dint of its controversial strategy of "stockpiling of vulnerabilities", for, at the least, preventing Microsoft from timely public patching of this, and presumably other, hidden bugs.[19][20]

 

What could protect the user from something like this?

Edited by Rami
Link to post
Share on other sites
  • Most Valued Members

@Carlos Araujo, "The MachineKeys folder stores certificate pair keys for both the computer and users. Both Certificate services and Internet Explorer use this folder." , I don't think those certificates got to do anything with the ransomware which whether it was WannaCry or Gamma one

Link to post
Share on other sites
3 minutes ago, Rami said:

@Carlos Araujo, "The MachineKeys folder stores certificate pair keys for both the computer and users. Both Certificate services and Internet Explorer use this folder." , I don't think those certificates got to do anything with the ransomware which whether it was WannaCry or Gamma one

ok. 

Thank you

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...