Showing results for tags 'india'.
Hello all! I kind of have a special question here. Hope this is the right place to put it. Our servers got attacked by ransomware and all of our files are encrypted by the India-based Okean-1995 virus. We have backups, but they are almost a year old. Production has stopped completely, and we are now pressed up against the corner. I am not proud to admit that we paid the criminals to get our files back. And they may or may not give them back.

Now here is the thing: they want to connect to our server with RDP to do the decryption for us. This tells me that they have a decryptor that works for every single infected machine of this particular ransomware. Is there any way we can get hold of this decryptor undetected by these criminals? Like packet sniffing on the RDP protocol for the executable code and the private key itself? I'd really love to help out the people who are also infected by this one. Problem is: I don't know how I can go about this undetected and without risking all our company's files. If you think you can do it: get in touch with me, and I'll invite you in on the quest to recover the decryptor.
I discovered about 2-4 IP addresses in Web Exclusions on each of my two desktops and laptop. I think they had been there for a long time because, honestly, I did not check these settings earlier. The IP addresses were from Nigeria, India, Moldova and the Netherlands. I removed them immediately. I contacted support, who said they are there by user action, on purpose or by accident. I have looked at the forum and surfed. Others have had this problem. My impression is that nobody knows for sure how this happens. One poster suggests it might be an inadvertent response to clicking on the Malwarebytes pop-ups notifying a block. I also saw Escatel mentioned by others, which came up with me.

There are no signs that my systems have been taken over or passwords changed. I have checked Web Exclusions several times a day over the last week and no new IP addresses have appeared. My virus software (Norton on my main desktop) and Malwarebytes are not picking up anything. I am not an expert and am a bit worried. It would be nice to know how this could have happened, because I certainly did not add these IP addresses myself deliberately! My main concern, though, is whether the websites of the IP addresses in question could have been accessing my computers and spying or adding code. Am I correct that Malwarebytes itself would have picked up any malicious code from these sites when a threat scan is carried out? Also, would the appearance of an IP address in my Web Exclusions allow it to bypass firewalls or evade detection by my other virus software? I would be grateful for any feedback. Thanks. OwenS