Tag Archives: teslacrypt

Ransomware Virus Continued

by Woodsbum

Well, we have finished finding all the virus installations and infections across our network. We got something called the Teslacrypt virus. This virus encrypts data like Cryptolocker. It then asks for a ransom to get the data back. Luckily we found it before many files were locked or it could have gotten really bad.

To combat this, we immediately shut down all our production systems and logged all our users off the network. We then used LAN Search Pro to look all over our network for files with the “_RECoVERY_” name. As we found these files in user profiles we then locked those accounts and ran both Norton Power Eraser and McAfee Stinger. Both of these programs removed the virus, but only Stinger works on servers. Power Eraser is a desktop only installation and removal program.
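The file-name sweep described above, as an added example that is not part of the original post: a Python script that walks a directory tree of user profiles, flags any file whose name contains the "_RECoVERY_" marker from the post, and reports which profiles should be locked pending cleanup. The profile layout and the note-name suffixes are constructed for the example.

```python
import os
import tempfile
from collections import defaultdict

# Marker taken from the post; TeslaCrypt's ransom notes carried this string.
RANSOM_NOTE_MARKER = "_RECoVERY_"


def find_ransom_notes(root, marker=RANSOM_NOTE_MARKER):
    """Walk `root` and return {profile: [note paths]} for every first-level
    directory (treated as a user profile) holding a file whose name contains
    `marker`. The match is case-sensitive because the odd capitalisation is
    part of what makes the marker distinctive."""
    hits = defaultdict(list)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if marker in name:
                rel = os.path.relpath(dirpath, root)
                profile = "<root>" if rel == "." else rel.split(os.sep)[0]
                hits[profile].append(os.path.join(dirpath, name))
    return dict(hits)


def accounts_to_lock(root):
    """Sorted list of profile names that contained at least one note."""
    return sorted(find_ransom_notes(root))


def build_sample_tree():
    """Constructed sample: three profiles, two of which hold ransom notes.
    The '+abcde' style suffixes are invented for the example."""
    root = tempfile.mkdtemp(prefix="profiles_")
    layout = {
        "alice/Documents": ["report.docx", "_RECoVERY_+abcde.txt",
                            "_RECoVERY_+abcde.html"],
        "bob/Desktop": ["notes.txt", "budget.xlsx"],
        "carol/Pictures": ["_RECoVERY_+fghij.txt"],
    }
    for sub, files in layout.items():
        folder = os.path.join(root, sub)
        os.makedirs(folder)
        for fname in files:
            open(os.path.join(folder, fname), "w").close()
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for profile, notes in find_ransom_notes(sample_root).items():
        print(f"{profile}: {len(notes)} ransom note(s)")
    print("lock:", accounts_to_lock(sample_root))
```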

After we removed all the files associated with the virus and all the files that had been encrypted, we restored backup versions of all the afflicted files.

We did remove the hard drive of the original system that had been infected. I plan on shooting it with either a 45-70 or a .50 BMG just to make sure it is completely dead. There is no reason to take any chances considering how much all the data on our network is worth.

This virus is nasty. The truth is that we were really lucky to have found it as quickly as we did and to have been able to mitigate the impact on our business. An infection like this can be catastrophic if you aren’t on top of things.

Keep your eyes open out there and if you see something that doesn’t look right, don’t be afraid to lock everything down until you can figure out what is causing the issue. A few hours of lost production is much better than a 6000 bitcoin ransom on your data.


Ransomware Virus

by Woodsbum

What a hell of a day…

Somehow we ended up getting a ransomware virus on our network and I have been fighting with it all day. It seems that we probably caught it in time so the infection is isolated to just a few computers, but we are still looking.

For such a HUGE issue that is hitting the computer world today, I am surprised at the lack of data and information about it. Most other viruses and malicious code have specific fixes you can download and just “click” to remove the software. Since it is such an easy program to find and delete manually, I am VERY concerned that it won’t just easily go away. My paranoia is getting the better of me.

Either way, we are fighting this out at the moment and I will be spending the night to get everything fixed. Keep your fingers crossed for us.
