Ransomware Attack Today
Posted: Tue Aug 06, 2024 2:05 am
by sonny
This morning a client called and showed this
on his Windows server...
[Attached screenshots: ransomware-1.png, ransomware-2.png, ransomware-3.png]
1. Ransomware is an affiliate program or business today
https://www.wired.com/story/state-of-ransomware-2024/
2. Oops, I told the forum about this attack
Re: Ransomware Attack Today
Posted: Tue Aug 06, 2024 2:22 am
by rockedge
Some Lockbit information -> https://www.cisa.gov/news-events/cybers ... /aa23-075a
LockBit Command Line Parameters

| Parameters | Description |
|---|---|
| -del | Self-delete |
| -gdel | Remove LockBit 3.0 group policy changes. |
| -gspd | Spread laterally via group policy. |
| -pass | (32 character value) (Required) Password used to launch LockBit 3.0 |
| -path | (File or path) Only encrypts provided file or folder |
| -psex | Spread laterally via admin shares |
| -safe | Reboot host into Safe Mode |
| -wall | Sets LockBit 3.0 Wallpaper and prints out LockBit 3.0 ransom note |
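Added example (not part of the original thread or of the CISA advisory): a small Python triage pass that checks process-creation command lines against the parameter table above, treating `-pass` followed by a 32-character value as the high-confidence signal. The record layout, host names, sample command lines and the "review" tier are assumptions made for this sketch.

```python
import shlex

# Parameters from the table above; per that table -pass (32 characters) is required.
LOCKBIT_FLAGS = {"-del", "-gdel", "-gspd", "-pass", "-path", "-psex", "-safe", "-wall"}

def score_command_line(cmdline):
    """Classify one process command line as 'alert', 'review' or 'ok'."""
    try:
        tokens = shlex.split(cmdline, posix=False)  # keeps Windows backslashes intact
    except ValueError:                              # unbalanced quote in the log line
        tokens = cmdline.split()
    tokens = [t.strip('"') for t in tokens]
    flags = [t.lower() for t in tokens if t.lower() in LOCKBIT_FLAGS]
    # High confidence: -pass immediately followed by a 32-character value.
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() == "-pass" and len(tokens[i + 1]) == 32:
            return "alert", flags
    # Assumption (this example's heuristic): two or more distinct listed flags
    # without a valid -pass is worth a look, one alone is too generic.
    if len(set(flags)) >= 2:
        return "review", flags
    return "ok", flags

# Constructed sample process-creation records (host, command line).
SAMPLE_EVENTS = [
    ("SRV01", r"C:\Users\Public\sample.exe -pass 0123456789abcdef0123456789abcdef -psex"),
    ("SRV01", r'"C:\Program Files\Backup\agent.exe" -path D:\Shares'),
    ("WS07", r"C:\Temp\tool.exe -safe -wall"),
    ("WS09", r"C:\Tools\app.exe -pass short"),
]

def triage(events):
    """Return (host, verdict, flags) for every record that is not 'ok'."""
    hits = []
    for host, cmdline in events:
        verdict, flags = score_command_line(cmdline)
        if verdict != "ok":
            hits.append((host, verdict, flags))
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

Feed it command lines exported from whatever process-creation logging is enabled on the server; single generic flags such as `-path` are deliberately ignored because legitimate tools use them too.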
Re: Ransomware Attack Today
Posted: Tue Aug 06, 2024 3:18 am
by sonny
Thank you, @rockedge. It's good to know.
I took care of that 'Sunday night ransomware' by replacing
the disk with the 'Friday bare-metal back up' (disk clone).
Dunno why lotsa attacks happen on Monday (in my experience).
Re: Ransomware Attack Today
Posted: Tue Aug 06, 2024 4:21 am
by Flash
Sonny, did they say how much they wanted? I assume they'd want bitcoin or equivalent.
Re: Ransomware Attack Today
Posted: Tue Aug 06, 2024 5:18 am
by sonny
@Flash
Though "negotiation" was mentioned, who would negotiate with those kinda people?
Yes, most likely with bitcoin.
That's why I stick to *nightly bare-metal back up (Mon-Fri disks) + *unlimited capacity
& *unlimited versions of cloud back up for businesses.
* Healthcare-related offices are the top targets for ransomware artists cuz the industry
can't afford to lose time.
Re: Ransomware Attack Today
Posted: Tue Aug 06, 2024 11:17 am
by rockedge
@sonny That's a smart approach. I was going to say just throw out the HDD and replace with the backup.
Literally toss the drive into the world of electronic junk and never even respond to the extortionists.
You've got great discipline and the diligence to consistently perform the backups.
Re: Ransomware Attack Today
Posted: Tue Aug 06, 2024 12:34 pm
by some1
Hmm!!
Sleepers exist in the wild.
Might dwell on your backups.
How many HDs to toss?
How many backup-milestones to keep?
Re: Ransomware Attack Today
Posted: Tue Aug 06, 2024 1:49 pm
by sonny
@some1
That's why cloud backup with unlimited storage & *versioning is mandatory.
*Keep as many versions of the files as you wish (no back ups are erased)