- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Dear colleagues,
We have a company in angola that got Ransomware and as expected had no backup. They contacted me asking for help to solve the problem.
Do we have any way to solve a post-infection with the end point?
We could sell, install the endpoint to remove the threat, but would it install with the infected machine?
As far as I know, after infecting if encrypted the files were already ... the only solution would be to remove the ransonware and protect it from happening any more.
What is the recommendation to clean the machines before installing the endpoint?
Hi,
Unfortunately, if the machine was already infected and the files were encrypted before Sandblast Agent was installed, there is nothing we can do in order to restore the encrypted files.
The best way would be to reimage the machine, and install the endpoint protection afterwards.
Thanks,
Gal.
What kind of ransomware was it? There are few decryptors out there based on leaked or reverse engineered by the researchers which can help.
Maybe worth to have a look here: https://www.nomoreransom.org/en/index.html
Also this post is useful https://community.checkpoint.com/docs/DOC-2363
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY