DXXD: Ransomware apparently attacks Windows Server directly

The DXXD ransomware apparently attacks Windows servers directly. Like other ransomware, DXXD encrypts files and appends the extension .dxxd to the encrypted file. Up to now, an attack on Windows servers has usually started from an infected client, which then encrypted files on network drives. In the Bleeping Computer forum, however, it is suspected that ... Read more

Protect Windows file servers from ransomware (Update 2)

I have already published some approaches to getting the ransomware plague under control here:
https://www.frankysweb.de/windows-fileserver-vor-ransomware-crypto-locker-schuetzen/
https://www.frankysweb.de/windows-fileserver-vor-ransomware-schuetzen-update/
https://www.frankysweb.de/locky-verseuchte-clients-identifizieren/
https://www.frankysweb.de/clients-vor-infektion-mit-ransomware-schuetzen-locky-cryptolocker/
However, I also receive many emails every day asking what else is possible. I have to say: It depends... The scripts in the articles don't work in every environment, but probably have to be ... Read more

Protect clients from infection with ransomware (Locky, Cryptolocker)

It is about time we gave ransomware the finger. We can already protect file servers and identify infected clients:
https://www.frankysweb.de/windows-fileserver-vor-ransomware-crypto-locker-schuetzen/
https://www.frankysweb.de/windows-fileserver-vor-ransomware-schuetzen-update/
https://www.frankysweb.de/locky-verseuchte-clients-identifizieren/
Something can also be done on the clients to prevent infection. There is no one-size-fits-all solution here, but with GPOs you have a powerful tool at hand to at least react to current situations ... Read more

Locky: Identify infected clients

In these two articles, I already presented a way to protect Windows file servers from Locky and other ransomware:
https://www.frankysweb.de/windows-fileserver-vor-ransomware-crypto-locker-schuetzen/
https://www.frankysweb.de/windows-fileserver-vor-ransomware-schuetzen-update/
Tobbi has also implemented the idea for NetApp Filer:
http://www.tobbis-blog.de/netapp-ontap-fileserver-gegen-ransomware-abschotten/
But there are still the clients, from which most of the danger emanates. The faster the computers are identified that are infected with ... Read more

Protect Windows file servers from ransomware (update)

Yesterday I reported on how Windows file servers can be protected against ransomware such as Cryptolocker, Cryptowall or Locky using the "File Server Resource Manager". The following comment was made on the article: Hi Frank, great article! Is there a trick on how to intercept the user and possibly only allow the user access to ... Read more

Protect Windows FileServer from Ransomware / Crypto Locker

Ransomware such as Crypto Locker, Locky and others is becoming more and more of a plague. Only in a few cases is it possible to restore the encrypted data. Without a backup, the damage can quickly become very extensive. Since the Trojans usually start encrypting data from a client and in doing so ... Read more