Hello! All your files are encrypted and only i can decrypt
Hello all,
We were attacked by ransomware and unfortunately all our files and also backups are encrypted.
I want to know if someone can advise me how to find from where or which direction (computer, LAN or site) it attacked us.
How can I create a report or see the logs?
We have a Fortinet e200 model.
ASP
Best Regards,
This question has so many answers. When do you think you were impacted? Are you maintaining logs & for how long? The infected host machines, do you see them in the logs? I highly doubt this will help you with your ransomware issues tho, and it is a bunch of wasted time since you do not really know the delivery method for the ransomware (was it email, web, an infected USB drive, etc.?)
What I would do:
I would concentrate on fixing the issues, with the big one being no end-point protection on the hosts or degraded end-points.
Review your security policy and malware UTM features
Review if your AV/MALWARE DB is up to date
Look for previous backups
Restore good backups, but only after you update the OS and endpoint protection
Provide user education and training on security
You can make a complaint to your local authorities also, but don't expect any major break or action from the law enforcement agency.
Ken Felix
PCNSE
NSE
StrongSwan