eSpace UC - MAA server got ransomware

Publication Date: 2017-01-13
Issue Description

The customer received the following message:
Your data is encripted to return, writte to my email, fly_goods@aol.com

Alarm Information

Handling Process

The customer has no antivirus installed on the server and no licence for Huawei antivirus. The customer was not able to carry out the suggestions found through Internet (Google) searches on how to delete the ransomware.

R&D suggests:

1. Format the disks first, then install the OS (Windows Server 2008 R2 SP1).

2. Install the patch after the OS is installed:

http://support.huawei.com/enterprise/SoftwareVersionActionNew!showVDetailNew?lang=en&idAbsPath=fixnode01|7881490|8749328|9257238|9504197&pid=9504197&vrc=9897702|9897704|21269841&from=soft&tab=bz&bz_vr=9897704&bz_vrc=&nbz_vr=null

3. We suggest closing port 3899 on the firewall (this port is for the RDP remote connection).

4. Check whether an MAA server configuration backup exists and, if so, restore it.

5. Close the ports the customer doesn't use.

6. Find the attack path by analyzing the firewall's log or by other methods.

7. Install anti-virus software.
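
The firewall-log analysis suggested above can start by listing which outside addresses were allowed to reach the remote-desktop port 3899. The following is an added example, not part of the original case or of any Huawei tool; the key=value log format, the internal network 192.168.10.0/24 and every sample line are constructed assumptions.

```python
import ipaddress
from datetime import datetime

RDP_PORT = 3899  # remote-desktop port named in the handling process
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")  # assumed customer LAN

# Constructed sample lines in an assumed key=value firewall log format.
SAMPLE_LOG = """\
2017-01-10T02:14:05 action=permit proto=tcp src=203.0.113.45 dst=192.168.10.20 dport=3899
2017-01-10T02:14:07 action=permit proto=tcp src=203.0.113.45 dst=192.168.10.20 dport=3899
2017-01-10T02:14:09 action=permit proto=tcp src=203.0.113.45 dst=192.168.10.20 dport=3899
2017-01-10T08:30:00 action=permit proto=tcp src=192.168.10.55 dst=192.168.10.20 dport=3899
2017-01-10T09:01:12 action=deny proto=tcp src=198.51.100.7 dst=192.168.10.20 dport=445
2017-01-11T23:40:51 action=permit proto=tcp src=198.51.100.7 dst=192.168.10.20 dport=3899
garbled line without fields
"""

def parse_line(line):
    """Return (timestamp, fields), or None if the line is not in the assumed format."""
    parts = line.split()
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except (IndexError, ValueError):
        return None
    return ts, dict(p.split("=", 1) for p in parts[1:] if "=" in p)

def external_rdp_sources(log_text, port=RDP_PORT, internal=INTERNAL_NET):
    """Summarise permitted connections to `port` from sources outside `internal`."""
    summary = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not parse instead of aborting the review
        ts, f = parsed
        if f.get("action") != "permit" or f.get("dport") != str(port):
            continue
        try:
            src = ipaddress.ip_address(f.get("src", ""))
        except ValueError:
            continue
        if src in internal:
            continue  # internal host, not an Internet-side source
        entry = summary.setdefault(str(src), {"count": 0, "first": ts, "last": ts})
        entry["count"] += 1
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
    return summary

if __name__ == "__main__":
    for src, e in external_rdp_sources(SAMPLE_LOG).items():
        print(src, e["count"], e["first"].isoformat(), e["last"].isoformat())
```

The first-seen and last-seen times per source give a window to compare against the time the files were encrypted.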

Root Cause
The customer does not have antivirus software on the server.
Suggestions

1. Close the ports the customer doesn't use.

2. Find the attack path by analyzing the firewall's log or by other methods.

3. Install anti-virus software.
