This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Cipriano
Contributor
‎2019-01-13 06:53 AM

How to remove ransomware pos infection

Dear colleagues,

We have a company in angola that got Ransomware and as expected had no backup. They contacted me asking for help to solve the problem.

Do we have any way to solve a post-infection with the end point?

We could sell, install the endpoint to remove the threat, but would it install with the infected machine?

As far as I know, after infecting if encrypted the files were already ... the only solution would be to remove the ransonware and protect it from happening any more.

What is the recommendation to clean the machines before installing the endpoint?

0 Kudos
3 Replies
Gal_Carmeli
Employee
Employee
‎2019-01-13 07:09 AM

Hi,

Unfortunately, if the machine was already infected and the files were encrypted before Sandblast Agent was installed, there is nothing we can do in order to restore the encrypted files.

The best way would be to reimage the machine, and install the endpoint protection afterwards.

Thanks,

Gal.

0 Kudos
Marcel_Afrahim
Employee Alumnus
Employee Alumnus
‎2019-01-27 02:08 AM

What kind of ransomware was it? There are few decryptors out there based on leaked or reverse engineered by the researchers which can help.

0 Kudos
Markusevc
Employee
Employee
‎2019-01-27 02:25 AM

Maybe worth to have a look here: https://www.nomoreransom.org/en/index.html

Also this post is useful https://community.checkpoint.com/docs/DOC-2363 

Security Solutions Expert for Global Strategic Partners GSI/MSP/Telco & Consultancy Firms
0 Kudos