How would you go about trying to identify the machine/employee that caused this? Apologies for the long post, I've tried to give as much detail as possible. Is there anything else we should look out for? How have none of the other drives been affected? As I mentioned, users always have several drives mapped at any given time. Are we wrong to assume there'd be a trace on any of the PCs? Are we wrong to assume that a user caused this by opening an attachment, or clicking a link in the web? Is there something else we can do to find the PC that caused this? And once we see that they open we assume that the machine is clean and isn't the one that initiated the virus. We've been going to all the PCs and checking local directories for. However, we can find no traces of this virus on any of our PCs, and we also find it strange that none of the other network shares have been infected. My understanding of this virus, from hearing about other companies, is that it needs to be imitated on a PC, whether through an email link or something downloaded from the web, and that ALL local and network drives, including any possible USB drives, should be encrypted. The one network share affected resides on a Netgear NAS box that is linked with Active Directory. The affected network share had a text file in every subfolder with instructions of how to pay the ransom. txt files were encrypted) I did a quick check of all other network shares that are used by employees but found no trace of ransomware anywhere else. I then realised that every Word document on this network share was also encrypted, but. When I went to investigate I saw that the file was showing a. Yesterday I got a call from one user who said she couldn't open a Word document she had been working in the evening before. We have 64 users who have 8 - 12 mapped drives - they mount at startup with a batch file set by Active Directory depending on what part of the organisation they're in.
In case a larger network is involved the tool will use up to 100. There's been a high turnover of staff, in which 3 sysadmins have come and gone in the last 18 months, so the system isn't in the best condition. PortScan & Stuff is a free port scanner portable tool that is able to identify all the existing active devices on your network and it will also show all open ports and additional info such as MAC address, hostname, HTTP, SMB, SMTP, iSCSI, and SNMP services. My work is on the help desk, and there are 3 developers on the team, and our boss is the manager and acting sysadmin. I've recently started working in a small subsidiary of a larger international organisation.