
an infected system to learn on, knowing if it's clean


Njem


I have a system that was encrypted. We recovered data for other systems on the network from a backup but decided this system was going to be replaced anyway so are using it offline to learn about ransomware.

Encrypted files are marked .locky

The ransomware beta (9.14.361) would not activate. I suspect because it has no internet connection, and I'm not going to give it one.

This is the system where the problem started, where a user opened an attachment. It seems to be still infected. I made a new doc file and it immediately was encrypted. Though I've tried that numerous times since and now they don't get encrypted. Not sure if it's lying in wait.

Malwarebytes found malware.trace in the system. I did not quarantine it because I want to learn more before cleaning it. Is malware.trace probably the item that can continue to encrypt? If I did clean that, am I likely safe if I wanted to use this system?

Mostly what I want to learn is when such an attack happens, how I know if the code is gone and it's safe to go back to using a system or putting it on the network.

 
 

 
