I got hit by .Cerber earlier in the year. And required about 10bitcoins ransom. Worse, it synced the entire 1 TB OneDrive -----Original Message----- From: "Maisiba Bravo via skunkworks" <skunkworks@lists.my.co.ke> Sent: 9/16/2016 3:02 PM To: "Catherine njoroge" <katewacuka24@gmail.com>; "Skunkworks Mailing List" <skunkworks@lists.my.co.ke> Subject: Re: [Skunkworks] Zepto Ramsonware Been hit by a Ramsonware, few mins ago, luckily it was a new server install. Ransomware was initiated on opening a website. Just reinstalled OS On Sep 15, 2016, at 6:11 PM, Catherine njoroge via skunkworks <skunkworks@lists.my.co.ke> wrote: Backups backups.Make Microsoft Azure your backup friend. Kind Regards, Catherine Njoroge On Thu, Sep 15, 2016 at 5:55 PM, awatila--- via skunkworks <skunkworks@lists.my.co.ke> wrote: actually the first computer virus was what we now call ransomware On 15 Sep 2016 16:17, Peter Osotsi via skunkworks <skunkworks@lists.my.co.ke> wrote: Well as it stands today, its asking for 5 Bitcoins. You can find out how much that is on the bitcoin exchange. I decided to keep my encrypted volumes and files and move to a new backup system, buy everyone 4TB external drives. Sasa kila mtu ajitetee. Seriously whoever came up with the ransom idea after infecting your machine should be shot at several times. On Wed, Sep 14, 2016 at 12:51 PM, Francis Kamau via skunkworks <skunkworks@lists.my.co.ke> wrote: @Alvin - Ransomware ask for money. On Wed, Sep 14, 2016 at 11:16 AM, Timothy Yegon via skunkworks <skunkworks@lists.my.co.ke> wrote: Zinnox. Deslock+. Id like to meet the people who come up with such names. On Wed, 14 Sep 2016 5:56 pm David Wambui via skunkworks <skunkworks@lists.my.co.ke> wrote: Count me in Regards, David Wambui, ICT Department, M.P.Shah Hospital. P.O.Box 14497-00800, Westlands NAIROBI Direct Line: 0204291152 www.mpshahhosp.org From: Alvin Ochola via skunkworks [mailto:skunkworks@lists.my.co.ke] Sent: Wednesday, September 14, 2016 7:20 AM To: Francis Kamau; Skunkworks Mailing List Cc: Teddy Mwangi; Teddy Kungu Subject: Re: [Skunkworks] Zepto Ramsonware Francis, Asking for as in ? On Tue, Sep 13, 2016 at 9:33 PM, Francis Kamau via skunkworks <skunkworks@lists.my.co.ke> wrote: How much is it asking for? is it more than 50M? On Fri, Sep 9, 2016 at 10:45 AM, Alvin Ochola via skunkworks <skunkworks@lists.my.co.ke> wrote: + 1 Samson ! Regards, On Fri, Sep 9, 2016 at 10:38 AM, Samson Ogada via skunkworks <skunkworks@lists.my.co.ke> wrote: Sophos is planning a forum for Skunks and you shall get details soon. I clearly see this Ransomware Monster is an issue, and we will tackle this extensively. I will urge all the experts out there to kindly be present so we tackle this once and for all before it brings our systems down Regards, Samson On Thu, Sep 8, 2016 at 1:42 PM, Michael Bullut via skunkworks <skunkworks@lists.my.co.ke> wrote: + 1 for FreshDesk! It's very easy to setup & maintain (entirely cloud based). On 8 September 2016 at 12:59, Alvin Ochola via skunkworks <skunkworks@lists.my.co.ke> wrote: Alex, Yes it is but they have lots of new features combined right now. Check these: KnowBe4 - Security Awareness Phising KERIO - UTM +Next Generation Firewall Zinnox - Penetration Testing + Vulnerability Assessment FreshDesk - HelpDesk Software DESLock+ - Encryption END POINT PROTECTOR - Data Loss Prevention + Mobile Device MGMT PulseWay - Remote Monitoring + MGMNT STORAGECRAFT - Backup + Disaster Recovery Eset -Security Suite Snapt - Web application FireWall Load Balancer + Web Accelerator. I believe we can organise a SKUNK DAY on Eset if you guys are ready. Let me know by show of numbers - Eset Guys are available I can confirm that including Techies . We are Partners. There are free trials available !! Kind Regards, Alvin Ochola Sales Manager ICT Solutions Greenline Technology Limited Office: +254 722 21 99 38 / 733 61 07 58 Mobile: +254 722 313 923 Email: alvin.ochola@greenline.co.ke 2nd Floor @ Odyssey Plaza, Mukoma Road, Nairobi, Kenya www.greenline.co.ke Please consider your environmental responsibility before printing this e-mail. On Thu, Sep 8, 2016 at 12:45 PM, Alex Watila <awatila@yahoo.co.uk> wrote: Isn’t eset an antivirus system? From: Alvin Ochola [mailto:ajochola@gmail.com] Sent: Thursday, September 8, 2016 12:41 PM To: Peter Osotsi <peter.osotsi@gmail.com>; Skunkworks Mailing List <skunkworks@lists.my.co.ke> Cc: awatila@yahoo.co.uk Subject: Re: [Skunkworks] Zepto Ramsonware Gentlemen forget the AV angle ! Most of these attacks are via in-house users via Emails / websites etc You can monitor this and give detailed reports via Eset . Contact Teddy Njoroge at Eset for detailed Information. Contacts Offlist. Regards, Alvin Ochola 0722313923 On Thu, Sep 8, 2016 at 12:32 PM, Peter Osotsi via skunkworks <skunkworks@lists.my.co.ke> wrote: Yes Alex. But the spam issue is becoming an epidemic as some spam is able to filter through some antivirus. PO On Thu, Sep 8, 2016 at 11:39 AM, Watila Alex via skunkworks <skunkworks@lists.my.co.ke> wrote: was anti virus software installed? Sent from Yahoo Mail on Android On Thu, 8 Sep, 2016 at 11:32, Odhiambo Washington <odhiambo@gmail.com> wrote: The ransomware still requires the appropriate access permissions to mess up the files. On 8 September 2016 at 11:07, Jose Muga <jpmuga@gmail.com> wrote:
From a video I saw on youtube most of these Ransomwares scan the network for File Share servers, so if you have setup backup folders on a file share, disconnect it.
On Fri, 2 Sep 2016 at 10:25 Watila Alex via skunkworks <skunkworks@lists.my.co.ke> wrote: first department to be automated is usually finance then they believe they know ICT Sent from Yahoo Mail on Android On Fri, 2 Sep, 2016 at 9:24, MotoBaridi via skunkworks <skunkworks@lists.my.co.ke> wrote: i've never understood this - why is IT always dumped under Finance?... -- On Thu, Sep 1, 2016 at 11:13 PM, Odhiambo Washington via skunkworks <skunkworks@lists.my.co.ke> wrote: You don't have to pay the ransom. It's that time that backups become handy! Ransomware will be the end of Network/Systems engineers. However there is a positive side: Finance Managers (under whom they always place IT) and Management will now listen to IT when they ask for something and not see their budgets as unnecessary OPEX. On 1 September 2016 at 23:05, Peter Osotsi via skunkworks <skunkworks@lists.my.co.ke> wrote: Dear skunkers, I'm tonight fighting this monster. He has locked two servers and several workstations. Anyone that has succeeded without sending a ransom. Good night Peter -- ---------- Don't wait for success; hunt it down like there's no tomorrow. ______________________________ _________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/ mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopi c.php?f=24&t=94 ------------ Other services @ http://my.co.ke -- Best regards, Odhi [The entire original message is not included.]