Ransomware infected pfSense
-
Hello on the theme of ransomware variants can be locky or zepto, this eliminates the information but before makes an encrypted copy the user data; I have seen this in many of my clients but esteos attacks were made by email when a spammer sends in the mail a URL or attachment javascript theme, executed see ua connection that directs you to a tor server and which opens download ransomware, encryption keys can be RSA or AES; that is where the hacker leaves a part of the key to decipher and ask for a payment to give the other party, which is a trick for theft, the technique only is prevention because so far antiviral engines are not ransomeware detecting these variants, there are some herraientas recovery but only for older versions.
-
Gotta love this guy. Shows up, claims his pfSense box got own by ransomware, and then disappears into thin air.
-
@KOM:
Gotta love this guy. Shows up, claims his pfSense box got own by ransomware, and then disappears into thin air.
Possibly embarrassed that the ssh password was "password"
-
Maybe he just on vac?
-
Another ransomware - http://soft2secure.com/knowledgebase/odin-file-virus
Most ransomware come with email attachments and rogue links - do not click anything suspecious -
BritneySpears_Naked.exe!!! OMG! I must click the email attachment!
-
BritneySpears_Naked.exe!!! OMG! I must click the email attachment!
While also opening the Anna Kournikova equivalent, for good measure.
-
I think that the main cause of ransomware infection is between LCD and chair ;D
As I know the only way to decrypt locked files including this new Odin (http://myspybot.com/odin-virus/) is to use shadow copies extract tools like ShadowExplorer (http://www.shadowexplorer.com/downloads.html) or similar.
But the best option is to have backups of all your important data in separate hard drive/usb drive/cloud. -
But the best option is to have backups of all your important data in separate hard drive/usb drive/cloud.
This has been the best advice for a plethora of computer issues going back 35+ years, but it still seems like everyone has to learn it the hard way.
-
And another offline copy in a locked safe off-site.
-
All of this being said, and obviously I do share ;), there is something to be noticed: with default set-up, meaning not access allowed from outside, pfSense doesn't offer, as far as I understand, anything against brute force attack from the LAN.
Sure one can set-up FW rules to limit this, build VLAN, use strong admin password but if one device on the LAN side get infected by piece of code executing brute force attack against your default gateway, how do you notice and prevent it?
From WAN, this is quite simple… and furthermore covered by default set-up
From LAN, this is another story and perhaps some mechanism "a la fail2ban" may help on the internal side. -
We already have it. 15 denied logins via GUI or SSH gets your IP banned for an hour, even local.
-
Cool, this is what I didn't know. Excellent, thank you.
and most likely enough to fight brute force if your admin paswword is not "password" or "admin" ;D ;D ;D
