Re: Locky Attack
Johan,

On 5/2/16 9:50 AM, Johan Compagner wrote:
> How did they get in? What security hole was used there?

Most likely the usual: a raw meat vulnerability. Someone opened a document they shouldn't have trusted and enabled macros and let it do whatever dastardly thing it wanted to do.

-chris

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Locky Attack
I can't say how I "have dealt" with it. Only how I plan to in case it hits: Restore backups, educate colleagues.

If it hasn't hit yet, there's an argument to have watchdogs that watch out for suspicious massive file changes on file servers. But I'm not sure if they already exist, and if they're able to signal the infected client to shut down immediately.

The time is over where people can be ignorant about attacks - "What would they want from me?" - the answer nowadays is: "Your money". And it's real.

As I like to state when I'm in system administration trainings: You are only allowed to call something a backup, if you've *recently* *demonstrated* that you're able to *restore* to a totally new system with what you intend to call a backup. Otherwise it's a random set of data, copied from your live system, not a backup.

Olaf

On 02.05.2016 at 15:18, Thess Bermudez wrote:
> Hi,
>
> Has anyone been attacked by a ransomware named Locky? Our company was hit
> with the encryption of the js files running in our Apache Tomcat 7.0. Good
> thing that we have daily app backups that made us not give in to the
> "ransom" requirement. We also reinstalled everything in our server.
> Databases are intact but the corrupted/encrypted webapp files were replaced
> by files with .locky extension.
>
> Would appreciate if anyone can share similar experience and how you've
> dealt with it.
>
> Thank you,
>
> Thess
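A sketch of the kind of watchdog the message above describes, added here as an example and not part of the thread: it flags a client that produces a file with a known ransomware extension or changes too many files within a sliding time window. The event tuple format, thresholds, client names and sample events are assumptions constructed for illustration; it only reports alerts and does not signal any client to shut down.

```python
from collections import defaultdict, deque
from pathlib import PurePosixPath

# Constructed sample events: (timestamp_seconds, client, operation, path).
SAMPLE_EVENTS = (
    [(t, "build-01", "write", f"/share/app/lib{int(t)}.js") for t in (0.0, 100.0, 200.0)]
    + [(50.0, "ws-17", "rename", "/share/app/main.js.locky")]
    + [(300.0 + i, "ws-22", "write", f"/share/docs/f{i}.js") for i in range(8)]
)

def detect_mass_changes(events, window=60, max_changes=100, bad_exts=(".locky",)):
    """Return {client: reason} for the first alert raised per client.

    window      -- sliding window length in seconds (assumed value)
    max_changes -- changes tolerated per client inside one window (assumed value)
    bad_exts    -- extensions treated as an immediate indicator
    """
    recent = defaultdict(deque)   # client -> timestamps of recent changes
    alerts = {}
    for ts, client, op, path in sorted(events):
        if client in alerts or op not in ("write", "rename", "delete"):
            continue
        q = recent[client]
        q.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        ext = PurePosixPath(path).suffix.lower()
        if ext in bad_exts:
            alerts[client] = f"file with {ext} extension: {path}"
        elif len(q) > max_changes:
            alerts[client] = f"{len(q)} changes in {window:.0f}s"
    return alerts

if __name__ == "__main__":
    # Small thresholds so the constructed sample triggers both rules.
    for client, reason in detect_mass_changes(SAMPLE_EVENTS, window=10, max_changes=5).items():
        print(client, "->", reason)
```
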
Re: Locky Attack
How did they get in? What security hole was used there?

On 2 May 2016 at 15:18, Thess Bermudez wrote:
> Hi,
>
> Has anyone been attacked by a ransomware named Locky? Our company was hit
> with the encryption of the js files running in our Apache Tomcat 7.0. Good
> thing that we have daily app backups that made us not give in to the
> "ransom" requirement. We also reinstalled everything in our server.
> Databases are intact but the corrupted/encrypted webapp files were replaced
> by files with .locky extension.
>
> Would appreciate if anyone can share similar experience and how you've
> dealt with it.
>
> Thank you,
>
> Thess

--
Johan Compagner
Servoy
Locky Attack
Hi,

Has anyone been attacked by a ransomware named Locky? Our company was hit with the encryption of the js files running in our Apache Tomcat 7.0. Good thing that we have daily app backups that made us not give in to the "ransom" requirement. We also reinstalled everything in our server. Databases are intact but the corrupted/encrypted webapp files were replaced by files with .locky extension.

Would appreciate if anyone can share similar experience and how you've dealt with it.

Thank you,

Thess