Reply to post: Re: Solution

Wind turbine maker Vestas confirms recent security incident was ransomware


Re: Solution

Last year I learned to avoid using domain admin accounts.

If the attack somehow manages to escalate to local admin privs, they can then rummage around in memory and find password hashes belonging to any domain admin that had come this way recently. Several VMs were thus hit.

We had an old app running that was using a third-party component that received an important security update a year prior to the attack.

Our original plan some years ago involved a full rewrite of said app, but priorities changed and no hands were left on deck.

A colleague reverse-engineered the attacker's code and got the decryption key, but we already had good backups, so no need.

Biting the hand that feeds IT © 1998–2022