Jump to content

Search the Community

Showing results for tags 'ransonware'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes 3 Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 2 results

  1. Last week our network was hacked into by an unknown party. Our firewall was open for remote connections to allow a firm that is performing major upgrades to our Microsoft Dynamics ERP software. Prior to this project, I set up a VPN connection on our Sonicwall firewall device and both myself and the local office of the firm doing the upgrades were able to log in successfully. However, the firm doing the upgrades has a team doing much of the work from India. The folks in India insisted they were unable to connect via the VPN and had to use a much less secure route. Yes, this should have been a major red flag, and I was very reluctant to allow this and suggested that I send them copied of the VMs and they work on them there, and return them when complete. Nope, we can't do that, so yes, the fool I am, gave in and allowed unsecured access. While I can't prove who logged into system, I can tell you that they used credentials that only myself, and the above firm knew. You decide ! Last Tuesday, one of the office staff tells me at 6 am that she can't get into her exchange mail and I go to log into my system to take a look and would get disconnected after a few seconds, over and over. I finally log in as the administrator and see someone logged in as me from a client that was not ours. I quickly ran to the server room and pulled the internet feed. I found they had left open multiple windows on a couple servers running commands and changing firewall rules. I also found they installed an IP scanner on one desktop and had it open as well. They successfully installed ransomware which wiped out a couple of our servers that I use for backups. Thankfully, they didn't get to all of the backups and tapes, and I was able to get us back up in a day or so. One thing that I found disturbing (well, even more disturbing) was that they uninstalled our Malwarebytes Endpoint agents, allowing the damage to be done. So, here is my question, can the Malwarebytes protection be made uninstallable or unable to be disabled by anyone, even administrators without a unique password, or special code specific to this purpose only? If not, maybe this is something that can be looked at.
  2. We have a user machine that is affected by the GandCrab ransomware. This machine has both Anti-Malware and Anti-Exploit installed. Virustotal results for the hash: https://www.virustotal.com/en/file/760cdf98264ebefdc2bcfb0c90e88ea9cd26130041260f12bb89b79a94134ec7/analysis/
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.