The Ransomware

So two of my workplaces got hit by this ransomware. It encrypts all files, attaching an email address to each encrypted file for you to seek help from; in return, they require payment in bitcoin, to avoid being traced, in order to decrypt your files.

The timing is remarkable: during this pandemic, while I am required to do many times more labor on both sides, tons of programming for NYGC.

However, it is still remarkable that there are enough talented people here to get to a solution quickly, restoring backups and migrating to new systems, while back when NYGC was facing this, I was the only one to handle it. I had to rebuild everything.

Cloud and backup systems now seem incredibly crucial. Also, I've looked into NYGC's new Windows Server 2012 to block all intruding RDP sessions. I wrote a script that automatically adds to an inbound IP blocking rule whenever a failed login is detected. It took me a while to figure this out, but I did it; I wrote the script that does this. We'll see what more is interesting. About 400+ (by counting commas) different IPs were trying what appears to be brute force on my RDP ports, every second. Now it's down to a mere 3-5 attempts every hour. There's an 8k-byte limit for the command line, so I read, so I must watch whether the IPs I've collected reach around 600. If so, I may just have to reset by starting from zero IPs, assuming the oldest IPs would no longer dare to try. Or maybe create another IP blocking rule.
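One way to build a script like that in PowerShell, as an added example here (it is not the post's own script): it reads failed-logon events (Security log, event ID 4625) from the last hour, counts failures per source address, and adds repeat offenders to inbound Windows Firewall block rules using the NetSecurity cmdlets that ship with Windows Server 2012. The rule name prefix, lookback window, failure threshold, per-rule cap and the allow list are assumptions chosen for illustration.

```powershell
# Added example, not the post author's script. Blocks sources of repeated
# failed network/RDP logons by adding them to inbound Windows Firewall block
# rules, rotating to a fresh rule once one grows past a cap.
# Assumed values: rule name prefix, lookback window, failure threshold,
# per-rule cap, and the management allow list. Run in an elevated PowerShell
# session on Windows Server 2012 or later; schedule it with Task Scheduler.

$RulePrefix  = 'RDP-BruteForce-Block'       # assumed rule name prefix
$Lookback    = (Get-Date).AddHours(-1)      # assumed: scan the last hour of events
$MinFailures = 3                            # assumed: block after this many failures
$MaxPerRule  = 500                          # assumed: start a new rule above this many addresses
$AllowList   = @('203.0.113.10')            # assumed: admin/VPN addresses never to block

# Security event 4625 = failed logon. LogonType 10 is RemoteInteractive (RDP);
# LogonType 3 is Network (also produced by RDP with Network Level Authentication).
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Lookback } -ErrorAction SilentlyContinue

$failures = @{}
foreach ($ev in $events) {
    $xml  = [xml]$ev.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $ip = $data['IpAddress']
    # 4625 records '-' when no source address is known (e.g. local failures).
    if ($ip -and $ip -ne '-' -and ($data['LogonType'] -in @('3', '10')) -and ($AllowList -notcontains $ip)) {
        $failures[$ip] = 1 + [int]$failures[$ip]
    }
}
$offenders = @($failures.Keys | Where-Object { $failures[$_] -ge $MinFailures })

# Addresses already blocked by any of our rules (normalise '1.2.3.4/32' -> '1.2.3.4').
$rules = @(Get-NetFirewallRule -DisplayName "$RulePrefix*" -ErrorAction SilentlyContinue)
$known = @{}
foreach ($r in $rules) {
    foreach ($a in ($r | Get-NetFirewallAddressFilter).RemoteAddress) {
        $known[($a -replace '/32$', '')] = $r.DisplayName
    }
}
$new = @($offenders | Where-Object { -not $known.ContainsKey($_) })
if ($new.Count -eq 0) { Write-Output 'No new offenders.'; return }

# Find an existing rule with room for the new addresses; otherwise create another one.
$target = $null
foreach ($r in $rules) {
    $count = @(($r | Get-NetFirewallAddressFilter).RemoteAddress).Count
    if ($count + $new.Count -le $MaxPerRule) { $target = $r; break }
}
if ($null -eq $target) {
    # Never create a block rule without addresses: RemoteAddress 'Any' would
    # block all inbound traffic, including your own RDP session.
    $name = '{0}-{1}' -f $RulePrefix, ($rules.Count + 1)
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block -RemoteAddress $new | Out-Null
} else {
    $existing = @(($target | Get-NetFirewallAddressFilter).RemoteAddress)
    Set-NetFirewallRule -DisplayName $target.DisplayName -RemoteAddress ($existing + $new)
}
Write-Output ('Blocked {0} new address(es): {1}' -f $new.Count, ($new -join ', '))
```

Two design points worth noting. Passing the address list to Set-NetFirewallRule as a PowerShell array sidesteps the roughly 8k-character cmd.exe limit that bites when the list is spliced into a netsh advfirewall command line, and rotating to a second rule past a fixed cap covers the "create another rule" option without discarding the oldest offenders. The allow list is there so a fat-fingered password from the admin's own workstation or VPN address cannot lock the administrator out of the server.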

This entry was posted in Reflection, Technical.