rsailors

Thanks for all the feedback. We have been using MB Enterprise for a long time with our stack, and we love it. I suppose it helps that we don't have a huge footprint, but so far, we have never had an issue where MB didn't catch the bug at a single point of infection. It's never made the jump to any other device on the network. What concerns me is how these tools like MB get disabled even though they are password protected. I get it if someone has the password, but if they don't and are still able to bypass that, that's a real issue.

It’s amazing to me that a helpdesk had access to these systems. You would think a company with that much money would have the best security team. Thanks for all the feedback, very informative.

Right, I know how they got access, but how did MGM's systems not detect the encryption? Unless they somehow got admin access. That seems unlikely given the size of the company.

Very scary stuff, for sure. I guess we have been very lucky with our security appliances and MB. I worked for Lockheed and NASA for over 10 years as a network admin, so I have seen some crazy things. It seems impossible to keep up with the ever-changing threats.

Right, but if a tool like MB can detect encryption or even see it, I would assume it would flag it and stop it. It would be nice for someone at MB to weigh in on this, as it's a bit concerning. I hope MB can't be disabled by any means other than an admin. As for the network, I agree that you need a good security appliance. I'm speaking of MB here. If someone makes it past our first layer of defense, we would have a much greater issue. 99% of the time, things are stopped at our security appliance.

Regardless, even if they had direct access I would assume a tool like MB would catch the files being encrypted. If what you are saying is true why even bother paying for a tool like MB?

I don't understand how a 33 Billion dollar company like MGM can get ransomware. We use MB Enterprise for our clients, and it's never made a jump from a workstation. It has always been detected at the workstation level and stopped. Surely these guys had a good malware solution?