Ransomware used client's computer

adambomb1258

I have had a call from a customer explaining that one of their servers has ransomware on it. It apparently printed out a sheet of paper with the words "What Happened?". I haven't heard of this before and neither has my adviser. All help is greatly appreciated.
 

Avast-Team

It's not unheard of for hackers/malware to hijack printers, but I'm not convinced this is ransomware just yet.

The mark of ransomware, usually, is that files on your computer become encrypted and the user receives a message, which often takes up the entire desktop or appears on boot, informing the user that files have been encrypted and demanding a ransom. You can see some examples here:

https://www.avast.com/ransomware-decryption-tools

I would strongly recommend isolating the affected devices (and the printer) and running scans on those devices to remove any malware/etc. as well as any further investigation needed before you re-introduce them to the network. Even if it's not ransomware, that doesn't mean it isn't harmful.
 
Solution

adambomb1258

Thank you for your help. We ended up running a scan with the server HDD plugged into another PC. HitmanPro picked up most of the viruses, and the ransomware seemed to be very amateur since it was wiped just by HitmanPro. We were very lucky in this case.