
Nastiest Malware Q&A + Vote for this year's Nastiest!

Userlevel 7
Badge +24
  • Sr. Security Analyst & Community Manager
  • 1080 replies

Welcome to another spooktacular Q&A! I’ve just returned from braving the darkest corners of the web to discover the nastiest malware of 2022. :scream:

I’ll be available until Halloween to answer your questions on the worst infections featured in our latest Nastiest Malware. Add your questions in the comments below.

As part of our ongoing community contest, we’ll be giving away this keyboard to a random commenter (winner announced Halloween).

If you don’t have any questions then we invite you to cast your vote for the malware that you think is the NASTIEST or just tell us a spooky tech story that you have 👀

Make sure to take our Nastiest Malware Quiz to test your knowledge


21 replies

Userlevel 4

I was part of a team who helped a business under attack from Conti. Without going into too much detail we ended up creating a whole new network in the cloud and migrating them from the old infected network.

Userlevel 7
Badge +4

I thought that I had fully digested the article and still only got 15/20 on the quiz! 🤣😂

I’ll have to read it again!

Userlevel 5
Badge

@MunkeyMan  15 here too!

Was an interesting survey to do and I learnt a bit on it as well!

QUESTION - What challenges does the Webroot team face when new malware is released? How difficult is it to manage this, and what’s involved in the process?

I’ve often wondered how nerve-wracking a task it can be to ensure that an AV company does their best to add up-to-date definitions and keep up with new nasty malware that’s hidden beneath the surface.

We have anti-virus applications to protect us, but what happens behind the scenes fascinates me.

Userlevel 7
Badge +6

Have responded to several incidents of RDP being hacked. The worst one was left open for vendor support and exploited to install ransomware on all their servers.

Fortunately we had backups and it didn’t spread to any workstations. They lost a few hours of work, but could have been much worse.

I was part of a team who helped a business under attack from Conti. Without going into too much detail we ended up creating a whole new network in the cloud and migrating them from the old infected network.

They make a lot of victims around me as well. On the plus side it helps to get more visibility so it takes less effort to actually get protections in place.

Userlevel 4

I thought that I had fully digested the article and still only got 15/20 on the quiz! 🤣😂

I’ll have to read it again!

Same I did way worse than I thought I would, will have to read it again and focus a bit more.

Userlevel 6
Badge +5

I’m surprised how well I did on the Q&A. I learned a lot too!

Userlevel 7
Badge +4

I got 80% so pretty chuffed with that. Was a great article and always good to learn more.

Userlevel 7
Badge +4

I thought that I had fully digested the article and still only got 15/20 on the quiz! 🤣😂

I’ll have to read it again!

LOL in the same boat. Some Halloween trick questions in there to prevent treats from happening. 

Userlevel 7
Badge +4

Have responded to several incidents of RDP being hacked. The worst one was left open for vendor support and exploited to install ransomware on all their servers.

Fortunately we had backups and it didn’t spread to any workstations. They lost a few hours of work, but could have been much worse.

@kleinmat4103 Webroot + a proper 3-2-1-1 backup solution across your customer base is of utmost importance. Articles such as the one @TylerM has done so brilliantly, as well as success stories such as the one you mentioned here, should be made publicly available and shared across all customers, as there are still many customers out there that still do not get that things such as hardware failure, accidental deletions, malicious deletions (be it disgruntled employees etc.) are NEVER an IF it is going to happen; it is always a WHEN it is going to happen. Data is the single most important asset of any company, and it has to be protected on all levels at any cost.

Userlevel 7
Badge +4

I was part of a team who helped a business under attack from Conti. Without going into too much detail we ended up creating a whole new network in the cloud and migrating them from the old infected network.

@WarrenT always very sad when companies are disrupted to this extent. Always good to have a decent and proper 3-2-1-1 backup solution that gets tested regularly. Add Webroot to that, do some Webroot Security Awareness Training for the users, always a winning strategy.

Userlevel 6
Badge +5

I would like to see more Q&A’s like this!

Userlevel 5
Badge +19

Anything Conti

Userlevel 7
Badge +6

Have responded to several incidents of RDP being hacked. The worst one was left open for vendor support and exploited to install ransomware on all their servers.

Fortunately we had backups and it didn’t spread to any workstations. They lost a few hours of work, but could have been much worse.

@kleinmat4103 Webroot + a proper 3-2-1-1 backup solution across your customer base is of utmost importance. Articles such as the one @TylerM has done so brilliantly, as well as success stories such as the one you mentioned here, should be made publicly available and shared across all customers, as there are still many customers out there that still do not get that things such as hardware failure, accidental deletions, malicious deletions (be it disgruntled employees etc.) are NEVER an IF it is going to happen; it is always a WHEN it is going to happen. Data is the single most important asset of any company, and it has to be protected on all levels at any cost.

100% agree. Data is the most important asset until it costs the client more money or otherwise inconveniences them in some way. Selling security products is very frustrating sometimes….

Userlevel 5

Better informed is better armed as they say ;)

Userlevel 7
Badge +4

Have responded to several incidents of RDP being hacked. The worst one was left open for vendor support and exploited to install ransomware on all their servers.

Fortunately we had backups and it didn’t spread to any workstations. They lost a few hours of work, but could have been much worse.

@kleinmat4103 Webroot + a proper 3-2-1-1 backup solution across your customer base is of utmost importance. Articles such as the one @TylerM has done so brilliantly, as well as success stories such as the one you mentioned here, should be made publicly available and shared across all customers, as there are still many customers out there that still do not get that things such as hardware failure, accidental deletions, malicious deletions (be it disgruntled employees etc.) are NEVER an IF it is going to happen; it is always a WHEN it is going to happen. Data is the single most important asset of any company, and it has to be protected on all levels at any cost.

100% agree. Data is the most important asset until it costs the client more money or otherwise inconveniences them in some way. Selling security products is very frustrating sometimes….

@kleinmat4103 tell me about it. Getting to the correct decision makers in the process is many times the key for me. I have a 5 year old, and no matter how many times you tell him things, he doesn’t always listen until he falls and gets hurt; then he listens. Unfortunately, in a lot of cases, this is the very same with customers.

Userlevel 7
Badge +24

@kleinmat4103 tell me about it. Getting to the correct decision makers in the process is many times the key for me. I have a 5 year old, and no matter how many times you tell him things, he doesn’t always listen until he falls and gets hurt; then he listens. Unfortunately, in a lot of cases, this is the very same with customers.

What a great analogy 

Userlevel 7
Badge +24

@MunkeyMan  15 here too!

Was an interesting survey to do and I learnt a bit on it as well!

QUESTION - What challenges does the Webroot team face when new malware is released? How difficult is it to manage this, and what’s involved in the process?

I’ve often wondered how nerve-wracking a task it can be to ensure that an AV company does their best to add up-to-date definitions and keep up with new nasty malware that’s hidden beneath the surface.

We have anti-virus applications to protect us, but what happens behind the scenes fascinates me.

Most of the time we classify it as bad in the cloud database based on a whole bunch of topical data points before we even know what exactly it is. Our researchers who analyze payloads from outside dumps or feeds will typically find that the binaries involved are already detected; obviously anything that isn’t will get classified as bad then, but most of the time we’ve already got it using ML/AI.

Infosec Twitter is an amazing resource for new strains and families, almost in real time.

Userlevel 3

Brilliant survey, would like to see more challenges like this

Userlevel 7
Badge +25

Thanks for that Quiz. I need to do more studying. Anything under 75% is just awful IMO, and I was under 75%. It’s those names that I just can’t keep straight.  But a good education just the same. 

Userlevel 6
Badge +1

I had 18/20 on the quiz.
