Netgate Discussion Forum

    Ransomware infected pfSense

    General pfSense Questions
    20 Posts 14 Posters 6.2k Views
    • johnpoz LAYER 8 Global Moderator

      Maybe he's just on vacation?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • MadelineDickson63gmail.c

        Another ransomware - http://soft2secure.com/knowledgebase/odin-file-virus
        Most ransomware comes with email attachments and rogue links - do not click anything suspicious.

        • Harvy66

          BritneySpears_Naked.exe!!! OMG! I must click the email attachment!

          • jimp Rebel Alliance Developer Netgate

            @Harvy66:

            BritneySpears_Naked.exe!!! OMG! I must click the email attachment!

            While also opening the Anna Kournikova equivalent, for good measure.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            • Koman

              I think that the main cause of ransomware infection is between the LCD and the chair  ;D
              As far as I know, the only way to decrypt locked files, including this new Odin (http://myspybot.com/odin-virus/), is to use shadow copy extraction tools like ShadowExplorer (http://www.shadowexplorer.com/downloads.html) or similar.
              But the best option is to have backups of all your important data on a separate hard drive/USB drive/cloud.

              • KOM

                But the best option is to have backups of all your important data on a separate hard drive/USB drive/cloud.

                This has been the best advice for a plethora of computer issues going back 35+ years, but it still seems like everyone has to learn it the hard way.

                • jimp Rebel Alliance Developer Netgate

                  And another offline copy in a locked safe off-site.

                  • chris4916

                    All of this being said, and obviously I do share that view  ;), there is something to be noticed: with the default set-up, meaning no access allowed from outside, pfSense doesn't offer, as far as I understand, anything against brute force attacks from the LAN.

                    Sure, one can set up FW rules to limit this, build VLANs, use a strong admin password, but if one device on the LAN side gets infected by a piece of code executing a brute force attack against your default gateway, how do you notice and prevent it?

                    From the WAN, this is quite simple… and furthermore covered by the default set-up.
                    From the LAN, this is another story, and perhaps some mechanism "à la fail2ban" may help on the internal side.

                    Jah Olela Wembo: Words turn into wounds when they offend, attack or hurt.

                    • jimp Rebel Alliance Developer Netgate

                      We already have it. 15 denied logins via GUI or SSH gets your IP banned for an hour, even local.

                      • chris4916

                        Cool, this is what I didn't know. Excellent, thank you.
                        And most likely enough to fight brute force if your admin password is not "password" or "admin"  ;D ;D ;D

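As an added illustration of the lockout policy jimp describes above (15 denied GUI or SSH logins from one address gets that address banned for an hour, LAN included), here is a small Python replay of that policy over a constructed log stream. This is example code written for this page, not pfSense's own implementation; the log line formats, timestamps and IP addresses are made up for the demonstration.

```python
import re
from collections import defaultdict

THRESHOLD = 15      # failed logins before a ban, as stated in the thread
BAN_SECONDS = 3600  # ban length: one hour, as stated in the thread

# Matches the two constructed log formats used below (GUI and SSH failures).
# These formats are assumptions for this example, not verified pfSense output.
FAIL_RE = re.compile(
    r"(?:webConfigurator authentication error for '\w+' from|"
    r"Failed password for (?:invalid user )?\w+ from) (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

def process(events):
    """Replay (unix_ts, log_message) pairs in time order and apply the policy:
    the 15th failure from an IP bans it until ts + 3600; attempts arriving
    during the ban are recorded as blocked and do not extend or reset the ban."""
    failures, bans, blocked = defaultdict(int), {}, []
    for ts, msg in events:
        m = FAIL_RE.search(msg)
        if not m:
            continue                    # not an authentication failure
        ip = m.group("ip")
        if ip in bans:
            if ts < bans[ip]:
                blocked.append((ts, ip))
                continue
            del bans[ip]                # ban lapsed: the counter starts over
            failures[ip] = 0
        failures[ip] += 1
        if failures[ip] >= THRESHOLD:
            bans[ip] = ts + BAN_SECONDS
            failures[ip] = 0
    return {"bans": bans, "blocked": blocked, "failures": dict(failures)}

def sample_events():
    """Constructed stream: one LAN host hammering the GUI, a stray typo from
    another host, and the first host coming back once the hour has passed."""
    t0 = 1_700_000_000
    ev = [(t0 + i, "webConfigurator authentication error for 'admin' from 192.168.1.50")
          for i in range(THRESHOLD)]
    ev.append((t0 + 30, "sshd[1234]: Failed password for root from 192.168.1.50 port 50000 ssh2"))
    ev.append((t0 + 40, "webConfigurator authentication error for 'admin' from 192.168.1.77"))
    ev.append((t0 + 3619, "sshd[1235]: Failed password for invalid user test from 192.168.1.50 port 50001 ssh2"))
    return ev

if __name__ == "__main__":
    result = process(sample_events())
    print("blocked during ban:", result["blocked"])   # [(1700000030, '192.168.1.50')]
    print("active bans at end:", result["bans"])       # {} (the ban lapsed at 1700003614)
```

Feeding `process()` only the first sixteen events shows the ban while it is still active; the single typo from 192.168.1.77 never comes near the threshold.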
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.