Ransomware Attack Today

sonny
Posts: 725
Joined: Mon Feb 15, 2021 4:50 pm
Has thanked: 486 times
Been thanked: 173 times

Ransomware Attack Today

Post by sonny »

This morning a client called and showed this
on his Windows server...

[Attachments: ransomware-1.png, ransomware-2.png, ransomware-3.png]

1. Ransomware is an affiliate program or business today

https://www.wired.com/story/state-of-ransomware-2024/

2. Oops, I told the forum about this attack

rockedge
Site Admin
Posts: 6571
Joined: Mon Dec 02, 2019 1:38 am
Location: Connecticut,U.S.A.
Has thanked: 2779 times
Been thanked: 2650 times

Re: Ransomware Attack Today

Post by rockedge »

Some LockBit information -> https://www.cisa.gov/news-events/cybers ... /aa23-075a

LockBit Command Line Parameters

Parameters   Description
----------   -----------
-del         Self-delete
-gdel        Remove LockBit 3.0 group policy changes.
-gspd        Spread laterally via group policy.
-pass        (32 character value) (Required) Password used to launch LockBit 3.0
-path        (File or path) Only encrypts provided file or folder
-psex        Spread laterally via admin shares
-safe        Reboot host into Safe Mode
-wall        Sets LockBit 3.0 Wallpaper and prints out LockBit 3.0 ransom note
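
A detection-side use of the parameter table above, as an added example that is not part of the original post or of the CISA advisory: it scans process-creation command lines for the required -pass flag followed by a 32-character value and reports which other table flags accompany it. The record layout, function names and sample command lines are constructed for illustration, and treating any 32 non-space characters as a match is an assumption.

```python
import shlex

# Flags from the table in the post above; -pass is the required one.
OTHER_FLAGS = {"-del", "-gdel", "-gspd", "-path", "-psex", "-safe", "-wall"}
PASS_LEN = 32
DEMO_VALUE = "0123456789abcdef" * 2  # constructed 32-character value


def tokenize(cmdline):
    """Split a Windows command line, keeping backslashes intact."""
    try:
        tokens = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quote in the logged field
        tokens = cmdline.split()
    return [t.strip('"') for t in tokens]


def inspect_cmdline(cmdline):
    """Return the other table flags seen if a well-formed -pass is present, else None."""
    args = tokenize(cmdline)[1:]  # skip the image path
    for i, tok in enumerate(args[:-1]):
        value = args[i + 1]
        # Assumption: any 32 non-space characters count as the value;
        # the page does not state its alphabet.
        if tok.lower() == "-pass" and len(value) == PASS_LEN and not value.startswith("-"):
            return sorted({t.lower() for t in args if t.lower() in OTHER_FLAGS})
    return None  # -path, -safe or -del alone are common in benign tools


# Constructed process-creation records (host, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("srv01", r"powershell.exe Get-ChildItem -Path C:\Users -Recurse"),
    ("srv01", r'"C:\Tools\backup.exe" -pass hunter2 -path D:\data'),
    ("srv02", r'"C:\Users\Public\x.exe" -pass ' + DEMO_VALUE + " -psex -wall"),
    ("srv03", r'C:\Temp\y.exe -safe -PASS "' + "f" * PASS_LEN),  # unclosed quote
]


def scan(events):
    """Return (host, other_flags) for every record that matches."""
    return [(h, f) for h, c in events if (f := inspect_cmdline(c)) is not None]


if __name__ == "__main__":
    for host, flags in scan(SAMPLE_EVENTS):
        print(f"ALERT {host}: -pass with {PASS_LEN}-char value; other flags: {flags}")
```

Keying on -pass keeps the benign -Path and short-password lines in the sample from alerting; the other flags only add context to a hit.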

sonny
Posts: 725
Joined: Mon Feb 15, 2021 4:50 pm
Has thanked: 486 times
Been thanked: 173 times

Re: Ransomware Attack Today

Post by sonny »

Thank you, @rockedge. It's good to know.
I took care of that 'Sunday night ransomware' by replacing
the disk with the 'Friday bare-metal back up' (disk clone).
Dunno why lotsa attacks happen on Monday (in my experience). :?

Flash
Moderator
Posts: 981
Joined: Tue Dec 03, 2019 3:13 pm
Location: Arizona, U.S.
Has thanked: 52 times
Been thanked: 127 times

Re: Ransomware Attack Today

Post by Flash »

Sonny, did they say how much they wanted? I assume they'd want bitcoin or equivalent.

Chaos coordinator :?
sonny
Posts: 725
Joined: Mon Feb 15, 2021 4:50 pm
Has thanked: 486 times
Been thanked: 173 times

Re: Ransomware Attack Today

Post by sonny »

@Flash
Though "negotiation" was mentioned, who would negotiate with those kinda people?
Yes, most likely with bitcoin.

That's why I stick to *nightly bare-metal back up (Mon-Fri disks) + *unlimited capacity
& *unlimited versions of cloud back up for businesses.

* Healthcare-related offices are the top targets for ransomware artists cuz the industry
can't afford to lose time.

rockedge
Site Admin
Posts: 6571
Joined: Mon Dec 02, 2019 1:38 am
Location: Connecticut,U.S.A.
Has thanked: 2779 times
Been thanked: 2650 times

Re: Ransomware Attack Today

Post by rockedge »

@sonny That's a smart approach. I was going to say just throw out the HDD and replace with the backup.

Literally toss the drive into the world of electronic junk and never even respond to the extortionists.

You've got great discipline and the diligence to consistently perform the backups.

some1
Posts: 86
Joined: Wed Aug 19, 2020 4:32 am
Has thanked: 18 times
Been thanked: 15 times

Re: Ransomware Attack Today

Post by some1 »

Hmm!!
Sleepers exist in the wild.
Might dwell on your backups.
How many HDs to toss?
How many backup-milestones to keep?

sonny
Posts: 725
Joined: Mon Feb 15, 2021 4:50 pm
Has thanked: 486 times
Been thanked: 173 times

Re: Ransomware Attack Today

Post by sonny »

@some1
That's why cloud backup with unlimited storage & *versioning is mandatory.
*Keep as many versions of the files as you wish (no back ups are erased)
