VMware
We got hit by AKIRA ransomware 😮 Part 3 #sysadmin #redditstories
SAN and ESXi boxes had been hit with Akira ransomware. Worked 20 hours yesterday with only a subway sandwich to eat. The cyber security response team gave us an installer that had SentinelOne and Huntress on it. We made a bunch of flash drives and I went around to every PC, unhooked them all from the network, and ran this installer. I was told that all you need to do is run the installer and then they can be plugged back into the network.
On all the PCs I went to and did this, SentinelOne and Huntress never alerted to anything. The only things that ended up getting encrypted were the ESXi box, the VMs, and the SAN data server. Outside that, no user PCs or other servers got encrypted.