This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RCA8R infection

Hi everyone,

one of our users seemed to be infected with a virus where all files got the RCA8 extension and therefore weren't usable anymore. I've look around on the internet but couldn't find any info about it. We've also launched a scan but without any result. Does anyone of you ever saw this type of infection?

Jo



This thread was automatically locked due to age.
  • It should be RCA8R, the R got missing while typing, I only saw this just now, sorry.

  • Hello Jo,

    first of all, this isn't really a UTM question, is it? Are you using Sophos Endpoint (managed by UTM), or some other AV?

    files [...] weren't usable
    the extension instead of or in addition to the correct one (wonder if there weren't any conflicts in the former case)? But I doubt all files aren't all files on the machine - otherwise the OS would no longer work. Anyway, this alone wouldn't make the files unusable. It sounds like ransomware - normally there are ransom notes in the affected folders, and/or the extension is associated with something that displays such a note.
    It should be possible to infer the original type of at least some files from their name, I assume they can't be opened though when the extension is reverted. 

    a scan but without any result
    "good" ransomware mops up after itself, thus usually the only detectable item would be the ransom note. Any detections for this machine recently?

    Christian

  • Oh, sorry, I thought I was in the correct place. Apparantly not.

    Indeed it sees to be ransomware. I'm afraid it's lost. Thanks for the info.

  • Jo, if you don't have endpoint protection on your PCs & servers, you should take a look at Intercept X Advanced on Sophos Central.  If you have another brand, your Sophos reseller will probably get a deal-you-can't-refuse from Sophos for you to switch to Central.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA