
One of our servers is infected with arena ransomware. It encrypts files with the .arena extension. I tried to collect a GSI report, but when I plug my USB into the server it encrypts the GSI utility also.

The server has Kaspersky Security 10 for Windows and the databases are up to date; Anti-Cryptor is also running. Kaspersky detected some viruses but did not stop the ransomware from encrypting files.

What are the precautions to block these types of ransomware? I'll post a screenshot later.

The same thing happened to another candidate in this forum, but the extension was .aleta. Please see the link below:

 


My question is still not answered. I have the latest version of Kaspersky Security 10 for Windows Server installed (special package for servers), real-time protection is running, the databases are also up to date and the special component Anti-Cryptor is also running. With all these things up and running I got attacked by ransomware and Kaspersky did not stop the ransomware from executing. Why? And also tell me, will Kaspersky be able to block this arena ransomware in future?

Attached is a zip file that contains the virus report, a screenshot of the last database update and also some ransomware encrypted file. This is the only and maximum information that I can provide you. Encrypted zipped file password: y2c3@d4

 

Infected Server.rar

2 hours ago, myousufhk said:

> My question is still not answered. I have the latest version of Kaspersky Security 10 for Windows Server installed (special package for servers), real-time protection is running, the databases are also up to date and the special component Anti-Cryptor is also running. With all these things up and running I got attacked by ransomware and Kaspersky did not stop the ransomware from executing. Why? And also tell me, will Kaspersky be able to block this arena ransomware in future?
>
> Attached is a zip file that contains the virus report, a screenshot of the last database update and also some ransomware encrypted file. This is the only and maximum information that I can provide you. Encrypted zipped file password: y2c3@d4
>
> Infected Server.rar

Hello,

in order to investigate the issue please post your question here - https://forum.kaspersky.com/index.php?/forum/19-virus-related-issues/

Thank you.

 

12 hours ago, myousufhk said:

> My question is still not answered. I have the latest version of Kaspersky Security 10 for Windows Server installed (special package for servers), real-time protection is running, the databases are also up to date and the special component Anti-Cryptor is also running. With all these things up and running I got attacked by ransomware and Kaspersky did not stop the ransomware from executing. Why? And also tell me, will Kaspersky be able to block this arena ransomware in future?
>
> Attached is a zip file that contains the virus report, a screenshot of the last database update and also some ransomware encrypted file. This is the only and maximum information that I can provide you. Encrypted zipped file password: y2c3@d4
>
> Infected Server.rar

Hi,

We provided your files to our specialists, we will inform you as soon as we have any new information.

Thank you!


Hi,

The files were encrypted by Trojan-Ransom.Win32.Crusis; unfortunately, we cannot decrypt these files. Our products can detect this ransomware with System Watcher and standard components with the PDM:Trojan.Win32.Generic verdict.

Please also note that, according to our data, the attackers are using RDP selection of passwords to gain access to the victim machine and manually start the cipher. To avoid re-infection, we recommend setting a strong password for RDP.

Thank you!
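
A defensive check for the pattern described in the reply above (password guessing over RDP, then a logon from the same source), added here as an example; it is not part of the original thread and not Kaspersky tooling. It assumes Security log events have already been exported into dictionaries; the field names, threshold, window and sample records are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624  # Windows Security log: failed / successful logon
RDP_TYPES = {3, 10}  # LogonType 3 = Network (RDP with NLA), 10 = RemoteInteractive

def make_sample():
    """Constructed events for illustration; not data from the thread."""
    t0 = datetime(2017, 9, 20, 2, 0, 0)
    def ev(offset, event_id, logon_type, ip, user):
        return {"time": t0 + timedelta(seconds=offset), "id": event_id,
                "type": logon_type, "ip": ip, "user": user}
    events = [ev(5 * i, FAILED, 3, "203.0.113.7", "Administrator") for i in range(40)]
    events.append(ev(205, SUCCESS, 10, "203.0.113.7", "Administrator"))
    # An administrator who mistyped twice and then logged in.
    events += [ev(1800 + s, FAILED, 3, "192.0.2.10", "backupadmin") for s in (0, 20)]
    events.append(ev(1860, SUCCESS, 10, "192.0.2.10", "backupadmin"))
    # Guessing that never produced a logon.
    events += [ev(3600 + 3 * i, FAILED, 3, "198.51.100.23", "admin") for i in range(25)]
    return events

def find_rdp_guessing(events, threshold=20, window=timedelta(minutes=10)):
    """Return {source_ip: {'peak_failures': n, 'logged_in_as': user or None}}."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    findings = {}
    for e in sorted(events, key=lambda e: e["time"]):
        if e["type"] not in RDP_TYPES:
            continue
        q = recent[e["ip"]]
        while q and e["time"] - q[0] > window:
            q.popleft()  # forget failures older than the window
        if e["id"] == FAILED:
            q.append(e["time"])
        if len(q) < threshold:
            continue
        f = findings.setdefault(e["ip"], {"peak_failures": 0, "logged_in_as": None})
        f["peak_failures"] = max(f["peak_failures"], len(q))
        if e["id"] == SUCCESS:
            # A logon while the burst is still in the window: treat as compromise.
            f["logged_in_as"] = e["user"]
    return findings

if __name__ == "__main__":
    for ip, f in find_rdp_guessing(make_sample()).items():
        print(ip, f)
```

A source with a non-empty `logged_in_as` is the case to escalate: the account's password should be considered known to the attacker.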
