Riadg, Posted November 22, 2019

I have been attacked by the MBED ransomware, which is now asking me to pay a lot of $. Please help me. I have a lot of company data in it, and also note that we already had the latest updated modules and definitions for our ESET products, so I need help because we discovered this case on only 3 computers; otherwise there are more than 200 computers on the same range. We have to find a solution to fix this as soon as possible.
Marcos (Administrators), Posted November 22, 2019

It's Filecoder.STOP. Only certain variants can be decrypted, and only if the machine was offline when the encryption occurred. Please get the following stuff and send it to samples[at]eset.com:
- a handful of encrypted files (ideally Office documents)
- the ransomware note with payment info
- logs collected with ESET Log Collector.
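Gathering the sample set described in the reply above is easy to get wrong under pressure (too many files, no note, files renamed before submission). The script below is an added example, not ESET's own tooling or anything posted in this thread: it walks a directory, picks a handful of encrypted files with Office documents first, adds the ransom note, and zips them for submission. It assumes the variant appends `.mbed` to encrypted files and drops its note as `_readme.txt`; both names are assumptions here, so adjust them to what you actually see on the affected machines.

```python
"""Triage helper: collect the samples an AV vendor asks for after a
Filecoder.STOP infection (a few encrypted files, Office documents first,
plus the ransom note) into one zip. Constructed example, not ESET's code.
"""
from pathlib import Path
import zipfile

ENCRYPTED_EXT = ".mbed"        # assumed: extension appended by this variant
NOTE_NAMES = {"_readme.txt"}   # assumed: ransom note file name for this variant
OFFICE_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}


def original_suffix(path: Path) -> str:
    """Pre-encryption extension, e.g. 'report.docx.mbed' -> '.docx'."""
    return Path(path.name[: -len(ENCRYPTED_EXT)]).suffix.lower()


def find_encrypted_files(root, limit=5):
    """Up to `limit` encrypted files: Office documents first, then smallest
    first within each group, so the submission stays small but useful."""
    root = Path(root)
    candidates = [p for p in root.rglob("*" + ENCRYPTED_EXT) if p.is_file()]
    candidates.sort(key=lambda p: (original_suffix(p) not in OFFICE_EXTS,
                                   p.stat().st_size, p.name))
    return candidates[:limit]


def find_ransom_notes(root):
    """Every copy of the ransom note under `root` (the variant drops one per folder)."""
    root = Path(root)
    return sorted(p for p in root.rglob("*")
                  if p.is_file() and p.name.lower() in NOTE_NAMES)


def build_submission(root, out_zip):
    """Write the selected files, unmodified, into `out_zip`; return what was packed."""
    root = Path(root)
    files = find_encrypted_files(root)
    notes = find_ransom_notes(root)
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as zf:
        for p in files + notes:
            zf.write(p, arcname=p.relative_to(root).as_posix())
    return {"encrypted": [p.relative_to(root).as_posix() for p in files],
            "notes": [p.relative_to(root).as_posix() for p in notes]}


if __name__ == "__main__":
    import sys
    print(build_submission(sys.argv[1], sys.argv[2]))
```

Run it from a clean workstation against the affected share or an offline copy of the disk, and leave the files as they are: the vendor needs the encrypted content and the note exactly as the ransomware wrote them.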
itman, Posted November 22, 2019

You might also want to read this thread on how STOP ransomware is distributed: https://forum.eset.com/topic/20926-for-individual-users-this-is-one-ransomware-you-should-pay-attention-to/?tab=comments#comment-101795
itman, Posted November 22, 2019 (edited November 22, 2019 by itman)

This recent article related to this specific STOP ransomware variant might be informative: https://malwaretips.com/blogs/remove-mbed/

Of note:

> 2. How did the Mbed ransomware get on my computer?
>
> The Mbed ransomware is distributed via spam email containing infected attachments or by exploiting vulnerabilities in the operating system and installed programs. Cyber-criminals spam out an email, with forged header information, tricking you into believing that it is from a shipping company like DHL or FedEx. The email tells you that they tried to deliver a package to you, but failed for some reason. Sometimes the emails claim to be notifications of a shipment you have made. Either way, you can't resist being curious as to what the email is referring to, and open the attached file (or click on a link embedded inside the email). And with that, your computer is infected with the Mbed ransomware.
>
> This ransomware was also observed attacking victims by hacking open Remote Desktop Services (RDP) ports. The attackers scan for the systems running RDP and then attempt to brute force the password for the systems.
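The RDP password-guessing pattern the quoted article describes leaves a clear trail in the Windows Security log: a burst of Event ID 4625 (failed logon) with logon type 10 (RemoteInteractive, i.e. RDP) from one source address, sometimes followed by a 4624 (successful logon) from the same address. The detector below is an added example, not code from the article, from itman or from ESET. It assumes the events have already been exported from the Security log into dicts with the fields shown (time, event_id, logon_type, source_ip, account); the sample events are constructed and use TEST-NET addresses.

```python
"""Flag RDP brute-force attempts from exported Windows Security events.
Constructed example; event records are simplified dicts, not raw EVTX.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625      # "An account failed to log on"
SUCCESS_LOGON = 4624     # "An account was successfully logged on"
RDP_LOGON_TYPE = 10      # RemoteInteractive: Terminal Services / RDP

# Constructed sample export (TEST-NET addresses, not real telemetry).
SAMPLE_EVENTS = [
    {"time": "2019-11-22T02:00:00", "event_id": 4625, "logon_type": 10, "source_ip": "203.0.113.5", "account": "Administrator"},
    {"time": "2019-11-22T02:00:07", "event_id": 4625, "logon_type": 10, "source_ip": "203.0.113.5", "account": "Administrator"},
    {"time": "2019-11-22T02:00:15", "event_id": 4625, "logon_type": 3,  "source_ip": "198.51.100.7", "account": "svc_backup"},  # network logon, not RDP
    {"time": "2019-11-22T02:00:21", "event_id": 4625, "logon_type": 10, "source_ip": "203.0.113.5", "account": "admin"},
    {"time": "2019-11-22T02:00:34", "event_id": 4625, "logon_type": 10, "source_ip": "203.0.113.5", "account": "admin"},
    {"time": "2019-11-22T02:00:48", "event_id": 4625, "logon_type": 10, "source_ip": "203.0.113.5", "account": "backup"},
    {"time": "2019-11-22T02:01:02", "event_id": 4625, "logon_type": 10, "source_ip": "198.51.100.7", "account": "jsmith"},  # a single typo, below threshold
    {"time": "2019-11-22T02:01:05", "event_id": 4625, "logon_type": 10, "source_ip": "203.0.113.5", "account": "Administrator"},
    {"time": "2019-11-22T02:01:40", "event_id": 4624, "logon_type": 10, "source_ip": "203.0.113.5", "account": "Administrator"},  # guess succeeded
    {"time": "2019-11-22T02:03:00", "event_id": 4624, "logon_type": 10, "source_ip": "192.0.2.9", "account": "jsmith"},  # normal logon
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source IP that produced `threshold` or more RDP
    logon failures inside a sliding `window`. Each alert also records the
    accounts tried and whether the same IP later logged on successfully,
    which turns a noisy "someone is guessing" into "someone got in".
    Events must be in chronological order."""
    recent = defaultdict(deque)   # source_ip -> (timestamp, account) of failures in window
    alerts = {}
    for ev in events:
        if ev.get("logon_type") != RDP_LOGON_TYPE:
            continue
        ip, ts = ev["source_ip"], datetime.fromisoformat(ev["time"])
        if ev["event_id"] == FAILED_LOGON:
            q = recent[ip]
            q.append((ts, ev["account"]))
            while ts - q[0][0] > window:      # drop failures older than the window
                q.popleft()
            if ip in alerts:                  # already alerting: keep counting
                alerts[ip]["failures"] += 1
                alerts[ip]["accounts"].add(ev["account"])
            elif len(q) >= threshold:
                alerts[ip] = {"source_ip": ip,
                              "first_failure": q[0][0].isoformat(),
                              "failures": len(q),
                              "accounts": {acct for _, acct in q},
                              "succeeded_as": None}
        elif (ev["event_id"] == SUCCESS_LOGON and ip in alerts
              and alerts[ip]["succeeded_as"] is None):
            alerts[ip]["succeeded_as"] = ev["account"]
    for alert in alerts.values():
        alert["accounts"] = sorted(alert["accounts"])
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

An alert whose `succeeded_as` is set is the case to treat as an active intrusion rather than background noise; the five-failure threshold and five-minute window are starting points to tune against your own log volume.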
itman, Posted November 22, 2019 (edited November 22, 2019 by itman)

I will also add that there is a locked-screen RDP bypass vulnerability affecting Win 10 1803+ versions plus Server 2019 that has never been patched, as far as I am aware. You can read what this vulnerability is and the recommended mitigations for it here: https://www.kb.cert.org/vuls/id/576688/