Just a little success story, in bad English, for these difficult days…
This morning I was reading my mail and I got a notice from Valkirye: malware in an Administrator's folder on a 2012R2 server.
I verified in C1: strange activity from about 3 am.
I immediately connected to the system and found the omnisphere ransomware placidly running and encrypting files … in the Containment Sandbox.
About 100 GB of network files encrypted in the VTroot, and not a single file damaged in the real folders, wow!
Time to take a breath, stop all processes, clean everything I can, and investigate the cause.
Let me just say that CCS-Containment did a great job,
which I called "finicky" in the past… I'm happy to apologize :o