This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Access vector Ransonware

We suffered a ransonware attack on our systems. How can I, through an ad hoc query, know what was the access vector and who introduced it? From which tables I can get this information? We have Sophos Enterprise Console 5.5.

Thanks for all

Franco

This thread was automatically locked due to age.

Parents

0 francoBigai over 6 years ago

Thanks very much for the replay

No file was encrypted, Sophos worked right well. Many computers have been infected and MTD is enable.

thanks

Franco
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 6 years ago in reply to francoBigai

Hello Franco,

Many computers have been infected
so what alerted you to the attack? Detections reported by the SAV component? Something else? Could you post some alert or event details?

Christian
Cancel
Vote Up 0 Vote Down

Cancel
0 francoBigai over 6 years ago in reply to QC

SAV - Copia.txt

ok i have posted the alert e sav file

thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 6 years ago in reply to francoBigai

Hello Franco,

the paths might give some hint where the threat came from, e.g. browsing or email (or HTML email with a link ...). Several users around the same time suggests email as the source.

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 6 years ago in reply to francoBigai

Hello Franco,

the paths might give some hint where the threat came from, e.g. browsing or email (or HTML email with a link ...). Several users around the same time suggests email as the source.

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data