B4Print.com

General Category => General Prepress => Topic started by: pspdfppdfxhd on September 22, 2021, 07:25:31 AM

Title: Lockbit ransomeware attack
Post by: pspdfppdfxhd on September 22, 2021, 07:25:31 AM
We've had the second lockbit attack in 3 weeks. It encrypts all the files on a server with a .lockbit extension and the hackers are hoping that you will pay the money to unlock your files. Payable in bitcoin I think. I see today that files are being copied back slowly on the server so the IT guy must have been working overnight to fix it from a cloud backup. Hard to say how much work we lost depending on what the date is on the backup coming back in. Seems to be sidestepping our virus/malware software. Not affecting Macs yet, maybe it can't. Not sure how it's getting in but one of our salespeople is suspect, perhaps downloading porn?

 :facepalm:
Title: Re: Lockbit ransomeware attack
Post by: Designia(o_O) on September 22, 2021, 09:23:04 AM
Oh man that sucks
Title: Re: Lockbit ransomeware attack
Post by: Joe on September 22, 2021, 09:29:40 AM
Sounds like the password on the server has been compromised. What is the software running on the server and version of Windows OS? Do you keep up with security updates? Since this is the second time it sounds like your IT guy didn't properly secure it after the first time.
Title: Re: Lockbit ransomeware attack
Post by: David on September 22, 2021, 09:34:41 AM
either that or it's an inside job...

IT guy needs to make a caddy payment maybe?



 :spy2:
Title: Re: Lockbit ransomeware attack
Post by: Joe on September 22, 2021, 09:39:34 AM
Send this guy to have a word with the IT guy.

(https://images.complex.com/complex/images/c_fill,dpr_auto,f_auto,q_90,w_1400/fl_lossy,pg_1/krpjbyvedpf7kwz2scyh/james-gandolfini-tony-soprano)
Title: Re: Lockbit ransomeware attack
Post by: pspdfppdfxhd on September 22, 2021, 12:00:02 PM
We lost monday and tuesdays data..... lucky actually, could have been worse.

The good news is: I get paid by the hour!
Title: Re: Lockbit ransomeware attack
Post by: pspdfppdfxhd on September 22, 2021, 12:01:25 PM
Sounds like the password on the server has been compromised. What is the software running on the server and version of Windows OS? Do you keep up with security updates? Since this is the second time it sounds like your IT guy didn't properly secure it after the first time.

I don't know about IT and neither does anyone else here. If the IT guy goofed up, nobody would ever know.


 :drunk3: