This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Seeking Advice: Ransomware Attack and Solutions for Legacy Systems

I am reaching out for guidance on a critical issue one of our clients is currently facing. They have fallen victim to a ransomware attack, specifically impacted by the 'Hhuy virus' from the STOP/DJVU ransomware family, identifiable by the '.HHUY' extension on encrypted files.

The client's infrastructure includes computers running on Windows 7 and servers on Windows Server 2008 & 2012. Unfortunately, Intersept X, which we are considering as a potential security solution, seems to have compatibility issues with Windows 7.

We've managed to install a trial version of Intersept X on some of the compatible machines, as part of our proposal to integrate Sophos solutions (including Firewall and Intersept X) into their security framework.

Here are my key inquiries:

  1. Efficacy of Intersept X: Is Intersept X an effective tool to neutralize such viruses, particularly for systems compromised by the Hhuy ransomware?
  2. Legacy System Solutions: What are the recommended security measures or solutions for the servers running on outdated Windows versions (2008 & 2012) which are crucial for our client's operations?
  3. Data Recovery: The client has lost nearly 20 years' worth of data due to encryption by the ransomware. Are there any viable decryption methods or data recovery solutions available for this specific ransomware family?

Our goal is to reassure the client of their security and data integrity by adopting Sophos solutions. Any insights, experiences, or recommendations in dealing with similar scenarios would be immensely valuable.

Thank you in advance for your help and advice.



This thread was automatically locked due to age.
Parents
  • Hello,

    I know, you don't want to hear these answers:

    to point 1: You cannot use a modern AV / Endpoint Security solution to "heal" the fact that your customer is using an outdated platform.

    to point 2. This is a wide field. Better seek professional advice / help, if you cannot answer this alone. We cannot give "cheap" advice like that here, this is a community forum.

    to point 3. Sorry to be so harsh: "No Backup, No Mercy!" You should undergo all possible (technical) measures to proect your backup from being accessed by an attacker and to be encrypted. If it would be possible to simply decrypt that data, nobody would have a problem with ransomware.

    Concerning your goal: this is a good idea, you should definitely ask for a professional serviceprovider to help you here. It sound that you are not very familiar with that.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Hello Philipp,

    Thank you for your response. While I appreciate your advice, I'm specifically seeking community help in navigating these challenges.

    Regarding our client's situation, this is the first time they are working with us. The fact that they may have an older infrastructure is actually beneficial for us, as it opens up the possibility of offering them multiple products and solutions tailored to their needs.

    On the second point, we have traditionally used Kaspersky for all our clients. However, this is our first venture with SOPHOS, following our recent partnership with them. We're eager to develop our expertise with SOPHOS products. Although our experience with them is limited at the moment, we see this as a significant opportunity for both us and SOPHOS.

    Again, thank you for your insights, but I am hoping to engage more with the community for additional perspectives and advice.

    Best regards,

  • Ok, feel free to do it like that.

    I can only recommend to get in touch with Sophos Rapid Response team ASAP.

    We are Sophos partner as you and would definitely do that in your case.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • Ok, feel free to do it like that.

    I can only recommend to get in touch with Sophos Rapid Response team ASAP.

    We are Sophos partner as you and would definitely do that in your case.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data