omnisphere ransomware KO: CCS wins!!

Just a little success story, in bad English, for these difficult days…
This morning I was reading the mail and I got an advisory from Valkyrie: malware in an Administrator’s folder on a 2012R2 server.
Verified in C1, strange activity from about 3 am.
I immediately connected to the system and found the omnisphere ransomware placidly running and encrypting files … in the Containment Sandbox :stuck_out_tongue:
About 100Gb of network files encrypted in the VTroot, and not a single file damaged in the real folders, wow!
It’s time to take a breath, stop all processes, clean everything I can, and investigate the cause.

Let me just say that CCS-Containment did a great job.
I called it “finicky” in the past… I’m happy to apologize :o
Thank you

Great stuff! Are you using EDR?

@stefanoradam , thank you for sharing this success story, we’re delighted to see you are being protected by our product.

Even though it takes time to get used to containment, it is the best part of CCS.

No doubt it is.

Thank you for sharing. It is nice to hear these stories, especially now.

no EDR, just AEP…

Who is using EDR and how is it different from AEP? (All these acronyms make me crazy.)