Ransomware

[Tony_G 0]

Que les parece, el servidor de archivos de un cliente que tenía instalado Eset Endpoint para servidores fue infectado por el RANDSOMWARE MAKOP que encriptó todos los archivos. Lamentablemente la eficacia del producto fue nula pues ESET ENDPOINT fue anulado y bloqueado por completo.

Nunca había visto que un producto de ESET sea tan DEFICIENTE.

 

Machine translation:

The file server of a client that had Eset Endpoint for servers installed was infected by the RANDSOMWARE MAKOP that encrypted all the files. Unfortunately the efficacy of the product was null since ESET ENDPOINT was completely canceled and blocked.

I have never seen an ESET product be so DEFICIENT.

Edited April 10, 2020 by Marcos
Machine translation added

[Marcos 5,070]

First of all, we kindly ask you to communicate in English since this is an English forum and most of moderators and users don't speak other languages.

As for the incident, we don't know what version of ESET was installed and how it was configured or if the server and specifically RDP was secured or not. It often happens that servers don't have RDP secured or have all critical vulnerabilities patched. Then they easily fall a victim of attackers who connect to the server, disable or uninstall the antivirus and run ransomware to encrypt files.

Please submit the following stuff to samples[at]eset.com:
1, Logs collected with ESET Log Collector (first make sure that ESET is running and updating alright)
2, A handful of encrypted files (ideally Office documents)
3, The ransomware note with payment instructions.