A whole shop got hit by that new 'silent' ransomware last Tuesday

I walked into our repair shop and every single machine, from the front desk PC to the three bench units, was locked. No loud warnings, no weird pop-ups, just a black screen with a tiny text file on the desktop. The note said to pay 0.5 Bitcoin to get our files back. We hadn't seen the usual signs because this thing hid in a fake driver update a client brought in on a flash drive three days prior. It spread through the local network without setting off any alarms until it activated all at once. We lost a full day of work and had to restore from a backup that was two days old, meaning we redid a lot of jobs for free. The scary part was how quiet it was until it was too late. Has anyone else run into this specific strain, and what did you do to clean it?

3 comments

3 Comments

norab2113d ago

Wait, it came in on a client's flash drive? That's terrifying. You trust you're helping someone and their device just wipes your whole shop. Makes me never want to plug anything in again.

shanem379d ago

Ever think about just blocking USB ports on your work machines? We did that after a scare and it's a total game changer for stopping that exact problem.

elliot_barnes12d ago

Actually, @norab21, the flash drive didn't wipe anything by itself. The virus just hitched a ride and then spread later when the system was online. We got hit with a similar quiet one last month, and isolating that initial machine before it calls home is key. A full network scan after you pull the drive is your best bet.