ctviggen 0 Posted August 23, 2022 Share Posted August 23, 2022 Hi All, I have ESET (at home, but I'm at work, so I cannot answer questions yet about which version or package). My work's IT people were hit by lockbit 3.0. That may have infected us at work too. Does ESET recognize and address/remove lockbit 3.0? Do I need a special malware package for this? Thank you. Link to comment Share on other sites More sharing options...
Most Valued Members peteyt 396 Posted August 23, 2022 Most Valued Members Share Posted August 23, 2022 55 minutes ago, ctviggen said: Hi All, I have ESET (at home, but I'm at work, so I cannot answer questions yet about which version or package). My work's IT people were hit by lockbit 3.0. That may have infected us at work too. Does ESET recognize and address/remove lockbit 3.0? Do I need a special malware package for this? Thank you. I'm a little confused. Just to clarify the computer that Eset is installed has not been infected? Most AVs generally have protection against ransomware but once it's infected removing the ransowmare itself won't decrypt the files. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,257 Posted August 23, 2022 Administrators Share Posted August 23, 2022 When a machine with ESET installed gets infected with ransomware and files get encrypted, it's usually because the attacker managed to gain access to the machine typically via RDP and was able to pause or uninstall the AV prior to running the ransomware. Link to comment Share on other sites More sharing options...
ctviggen 0 Posted August 23, 2022 Author Share Posted August 23, 2022 Interesting. So, if I take a USB memory stick home, I would not then transfer ransomware to my home? Link to comment Share on other sites More sharing options...
itman 1,746 Posted August 23, 2022 Share Posted August 23, 2022 (edited) 57 minutes ago, ctviggen said: Interesting. So, if I take a USB memory stick home, I would not then transfer ransomware to my home? It all depends on how you acquired the USB drive. Read this article for further reference: https://www.darkreading.com/attacks-breaches/fbi-warns-fin7-campaign-delivers-ransomware-via-badusb . Also, you must let Eset scan the USB drive when it's connected to your home PC if the USB drive has been used on external computers. Edited August 23, 2022 by itman Link to comment Share on other sites More sharing options...
ctviggen 0 Posted August 23, 2022 Author Share Posted August 23, 2022 Thanks, This was my USB I took from home to use at work, then took from work to home and I used ESET to scan it. ESET found nothing. I don't think our company has been infected, but the company that is IT support for us has. But our system at work has been shut down by the IT folks, so it's possible we were infected. For how long, I do not know. So, my concern was that if my USB had lockbit 3.0 malware, would ESET find it? I guess the answer is, yes. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,257 Posted August 24, 2022 Administrators Share Posted August 24, 2022 It is not typical of ransomware to spread via removable media like worms. It's ok to assume that the USB key is malware free if no threat was found on either machine. Link to comment Share on other sites More sharing options...
Most Valued Members peteyt 396 Posted August 24, 2022 Most Valued Members Share Posted August 24, 2022 One thing that I'd recommend if you are concerned about ransomware is to have an offline backup Ransomware can infect connected devices such as external harddrives and also synced cloud backup services. By having a local offline backup if your ever hit by ransomware you have your offline backup Link to comment Share on other sites More sharing options...
Recommended Posts