Ransomware Attack Today

Posted: Tue Aug 06, 2024 2:05 am
by sonny

This morning a client called and showed this
on his Windows server...

[Attachments: ransomware-1.png, ransomware-2.png, ransomware-3.png]

1. Ransomware is an affiliate program or business today

https://www.wired.com/story/state-of-ransomware-2024/

2. Oops, I told the forum about this attack


Re: Ransomware Attack Today

Posted: Tue Aug 06, 2024 2:22 am
by rockedge

Some Lockbit information -> https://www.cisa.gov/news-events/cybers ... /aa23-075a

LockBit Command Line Parameters

Parameter   Description
-del        Self-delete
-gdel       Remove LockBit 3.0 group policy changes.
-gspd       Spread laterally via group policy.
-pass       (32 character value) (Required) Password used to launch LockBit 3.0
-path       (File or path) Only encrypts provided file or folder
-psex       Spread laterally via admin shares
-safe       Reboot host into Safe Mode
-wall       Sets LockBit 3.0 Wallpaper and prints out LockBit 3.0 ransom note
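
A defensive use of the parameter table above, added here as an example (not part of the original posts or of the CISA advisory): it checks process-creation command lines for the required -pass parameter with a 32-character value and reports which other listed parameters accompany it, so a responder knows whether to look for lateral spread. The sample events, host names, function names and the case-insensitive matching are assumptions.

```python
import shlex

# Parameter -> triage meaning, taken from the table quoted above.
LOCKBIT_PARAMS = {
    "-del": "self-delete",
    "-gdel": "removes its group policy changes",
    "-gspd": "lateral spread via group policy",
    "-pass": "launch password",
    "-path": "encrypts only the given file or folder",
    "-psex": "lateral spread via admin shares",
    "-safe": "reboot into Safe Mode",
    "-wall": "sets wallpaper and prints ransom note",
}

def tokenize(cmdline):
    """Split a Windows command line; fall back to whitespace on bad quoting."""
    try:
        parts = shlex.split(cmdline, posix=False)  # backslashes stay literal
    except ValueError:
        parts = cmdline.split()
    return [p.strip('"') for p in parts]

def match_lockbit(cmdline):
    """Return triage notes if -pass is followed by a 32-character value
    (the one required parameter), otherwise None."""
    tokens = tokenize(cmdline)
    lowered = [t.lower() for t in tokens]  # assumption: match case-insensitively
    for i, tok in enumerate(lowered[:-1]):
        if tok == "-pass" and len(tokens[i + 1]) == 32:
            break
    else:
        return None
    others = sorted({t for t in lowered if t in LOCKBIT_PARAMS and t != "-pass"})
    return {"params": others, "notes": [LOCKBIT_PARAMS[p] for p in others]}

# Constructed process-creation records (host, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("SRV01", r"C:\Users\Public\a.exe -pass " + "A" * 32 + " -psex"),
    ("SRV01", r'"C:\Program Files\Backup\bk.exe" -path D:\data -safe'),
    ("WS07", r"C:\tools\zip.exe -pass hunter2 archive.zip"),
]

def scan(events):
    """Return (host, result) for every event that matches."""
    return [(h, r) for h, c in events if (r := match_lockbit(c)) is not None]

if __name__ == "__main__":
    for host, result in scan(SAMPLE_EVENTS):
        print(host, result)
```

Parameters such as -path or -safe are common in legitimate tools, which is why the check keys on -pass with a 32-character value and treats the rest only as context.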


Re: Ransomware Attack Today

Posted: Tue Aug 06, 2024 3:18 am
by sonny

Thank you, @rockedge. It's good to know.
I took care of that 'Sunday night ransomware' by replacing
the disk with the 'Friday bare-metal back up' (disk clone).
Dunno why lotsa attacks happen on Monday (in my experience). :?


Re: Ransomware Attack Today

Posted: Tue Aug 06, 2024 4:21 am
by Flash

Sonny, did they say how much they wanted? I assume they'd want bitcoin or equivalent.


Re: Ransomware Attack Today

Posted: Tue Aug 06, 2024 5:18 am
by sonny

@Flash
Though "negotiation" was mentioned, who would negotiate with those kinda people?
Yes, most likely with bitcoin.

That's why I stick to *nightly bare-metal back up (Mon-Fri disks) + *unlimited capacity
& *unlimited versions of cloud back up for businesses.

* Healthcare-related offices are the top targets for ransomware artists cuz the industry
can't afford to lose time.


Re: Ransomware Attack Today

Posted: Tue Aug 06, 2024 11:17 am
by rockedge

@sonny That's a smart approach. I was going to say just throw out the HDD and replace with the backup.

Literally toss the drive into the world of electronic junk and never even respond to the extortionists.

You've got great discipline and the diligence to consistently perform the backups.


Re: Ransomware Attack Today

Posted: Tue Aug 06, 2024 12:34 pm
by some1

Hmm!!
Sleepers exist in the wild.
Might dwell on your backups.
How many HDs to toss?
How many backup-milestones to keep?


Re: Ransomware Attack Today

Posted: Tue Aug 06, 2024 1:49 pm
by sonny

@some1
That's why cloud backup with unlimited storage & *versioning is mandatory.
*Keep as many versions of the files as you wish (no back ups are erased)