pegorense
Posted August 14, 2019

Dear Sir,

I got a problem with my server. All of a sudden all my files were changed to .KEEP files. Malwarebytes or ESET are not able to detect the problem. Can you please advise me what the fix is for this issue? Appreciate the help.

Thank you

Marcos (Administrators)
Posted August 14, 2019

If you had ESET installed at the time of infection, most likely its settings were not protected with a password, an attacker was able to log in with administrator rights and paused protection prior to running the ransomware.

If you are a user with a paid license, please submit the following to samples[at]eset.com:
- a handful of examples of encrypted files
- the ransomware note (payment instructions)
- logs collected on the infected machine with ESET Log Collector.

itman
Posted August 14, 2019

Make sure your server OS has all security updates applied. Of note are the BlueKeep worm patches and these just-announced worm-like vulnerabilities: https://forum.eset.com/topic/20484-patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-11811182/