This article describes how to prepare a USB device so it can be used to boot into the SafeGuard Recovery environment. You would use this if you need to boot SafeGuard WinPE from a USB drive on a computer that does not have a built-in CD-ROM/DVD-ROM but supports booting from the USB drive.
You can also use this to run a SAV32cli scan on an encrypted machine.
Known to apply to the following Sophos product(s) and version(s): SafeGuard Device Encryption, SafeGuard Easy, Sophos SafeGuard Disk Encryption
The USB preparation process:
Create a new folder called Data on the root of the USB pen drive.
On the machine running Sophos Anti-Virus, right-click the shield icon and select Update now.
Once this has finished, copy the entire “Sophos Anti-Virus” folder to the Data folder on the pen drive.
This folder can be found in one of the following locations:
C:\Program Files\Sophos\ or C:\Program Files (x86)\Sophos\
Create a virtual client and a “recovery token” in the management center.
Please refer to the SafeGuard Recovery Guide, page 27 “Creating the Virtual Client”.
Once you have created a new virtual client, copy the recovery token to the “Data” folder on the USB pen drive.
Boot from the USB drive and follow the Recovery Guide starting at page 27 “Retrieving data using Virtual Client”.
Once the challenge response has been performed and you have access to the encrypted data on the C:\ drive, click on “Computer” in the WinPE environment, navigate to E:\Data\ and highlight the Sophos Anti-Virus folder.
Next, click on the Console Window icon in the top navigation bar.
This will open a command prompt in e:\data\sophos anti-virus\
Enter the command below
This will run a full system scan
Then, depending on the result of any detection, run either a disinfect scan or a remove scan:
a) SAV32CLI -DI -P=C:\DISINFECTLOG.TXT
b) SAV32CLI -REMOVE -P=C:\REMOVLOG.TXT
Please contact Technical Support if you need help doing any of these steps.
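The USB preparation steps above can be scripted so the copied scanner is checked before it is relied on in WinPE. This is an added example, not Sophos's own tooling; the parameter names `UsbRoot` and `RecoveryToken` are hypothetical, and it assumes it is run on the machine with Sophos Anti-Virus after the update has finished.

```powershell
# Added example: build the Data folder on the USB drive and verify the copy.
# $UsbRoot and $RecoveryToken are hypothetical parameter names for this sketch.
param(
    [Parameter(Mandatory)] [string] $UsbRoot,        # root of the pen drive, e.g. 'E:\'
    [Parameter(Mandatory)] [string] $RecoveryToken   # recovery token file exported from the management center
)
$ErrorActionPreference = 'Stop'

# The article gives two possible parent folders for "Sophos Anti-Virus".
$source = 'C:\Program Files\Sophos', 'C:\Program Files (x86)\Sophos' |
    ForEach-Object { Join-Path $_ 'Sophos Anti-Virus' } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Container } |
    Select-Object -First 1
if (-not $source) { throw 'Sophos Anti-Virus folder not found in either location.' }

# Create <USB>\Data, then copy the scanner folder and the recovery token into it.
$data = Join-Path $UsbRoot 'Data'
$dest = Join-Path $data 'Sophos Anti-Virus'
New-Item -ItemType Directory -Path $data -Force | Out-Null
Copy-Item -LiteralPath $source -Destination $data -Recurse -Force
Copy-Item -LiteralPath $RecoveryToken -Destination $data -Force

# Compare SHA-256 of every source file with its copy, so a truncated or
# altered scanner binary is caught before it is used on another machine.
$bad = foreach ($f in Get-ChildItem -LiteralPath $source -Recurse -File) {
    $rel  = $f.FullName.Substring($source.Length).TrimStart('\')
    $copy = Join-Path $dest $rel
    if (-not (Test-Path -LiteralPath $copy -PathType Leaf)) { $rel; continue }
    $h1 = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    $h2 = (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
    if ($h1 -ne $h2) { $rel }
}
if ($bad) { throw "Copy verification failed for: $($bad -join ', ')" }

# The scan steps run SAV32CLI from this folder, so confirm it is present.
if (-not (Test-Path -LiteralPath (Join-Path $dest 'SAV32CLI.exe'))) {
    throw 'SAV32CLI.exe is missing from the copied folder.'
}
$tokenName = Split-Path -Leaf $RecoveryToken
if (-not (Test-Path -LiteralPath (Join-Path $data $tokenName))) {
    throw 'Recovery token was not copied to the Data folder.'
}
Write-Output "USB Data folder ready: $data"
```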