omnisphere ransomware KO: CSS wins!!

stefanoradam · October 4, 2019, 5:59pm

Hello,
just a little success story, in bad english, for these difficult days…
This morning I was reading the mail and I get an advise from Valkirye: a mailware in an Administrator’s folder on a 2012R2 server.
Verified in C1, strange activity from about 3 am.
sh…!
I immediately connected to the system and found the omnisphere ransomware placidly running and crypting files … in the Containment Sandbox
About 100Gb of network files crypted in the VTroot, and not a single file damaged in the real folders, wow!
it’s time to take a breathe, stop all processes, clean everything I can, and investigate the cause.

Let me just say that CCS-Containment made a great job,
I called “finicky” in the past… I’m happy to apologize :o
Thank you

libretech · October 4, 2019, 6:37pm

Great stuff! Are you using EDR?

fatih · October 4, 2019, 7:06pm

@stefanoradam , thank you for sharing this success story, we’re delighted to see you are being protected by our product.

nct · October 6, 2019, 4:52pm

Even though it takes time to get used to containment, it is the best part of CCS.

axatech · October 6, 2019, 6:25pm

No doubts it is.

eztech · October 6, 2019, 11:15pm

Thank you for sharing. It is nice to hear these stories, especially now

stefanoradam · October 7, 2019, 8:59am

Hello,
no EDR, just AEP…

datalink · May 26, 2020, 1:26pm

Who is using EDR and how is diffent from AEP ? (all these acronyms make me crazy)