RSA-2040 Ransomware


I have just had one of my computers infected with RSA-2040 ransomware.  It is an older XP-based computer that is connected to a 2003 Windows Small Business Server at my office.  I had Dropbox installed on this computer as well as several other systems.  I learned about the virus when I logged onto the system using GoToMyPC.  There was a demand to pay $500.00 in Bitcoins.  I disconnected from the system and started reading about this virus.  I disconnected my Dropbox account from all systems except my laptop, which had already sync'ed to Dropbox.  I decided to subscribe to Webroot for my personal laptop and home computers and they do not appear to be affected yet.  There is so much information on the internet that it's overwhelming.  Any suggestion on what should be my next step on the XP system at my office?


Hello and Welcome to the Webroot Community!
 
Please submit a support ticket right away. In most cases WSA can roll back a PC to a pre-infection state (not sure about the server unless you have WSA installed on that). Here is an example, but as we know ransomware can be much harder: https://community.webroot.com/t5/Webroot-Education/What-Happens-if-Webroot-quot-Misses-quot-a-Virus/ta-p/10202
 
Thanks,
 
Daniel 😉
I realize that this was totally stupid, but I was not using any AV software on the XP-based system.  It expired several months ago and I have been so busy that I didn't take time to install a new AV program.  I have been using F-Secure on my Windows 7 PCs but decided to switch to WSC today.  I have read that this cannot be passed on through GoToMyPC so I have logged back on the system to explore a little further.  The system has finished booting up but it is running very slow.  I was able to open a few files with no problems except the time it takes to open.  I haven't tried to open anything on the server yet.  Should I load WSC on the system just for checking out the status of the system?
Well, it's best to contact support; they might have a way to fix your issue. Ask them about installing WSA at that time. Since it wasn't installed before infection it can't roll back, so hopefully they can help you.
 
Daniel 😞
One of our threat researchers also wrote a good article about securing your work environment against ransomware, that might be helpful for you:
https://community.webroot.com/t5/Webroot-Education/Best-practices-for-securing-your-environment-against/ta-p/191172
 
Having AV is good, but every AV will eventually miss something (yes, even us 🙂 ) so you want to have layers of protection to minimize the damage and maximize your protection.
