OSAN Ransomware - Should I Pay as I Need Data

Hi All,

I don't know what to do, but our server got hacked last night. All files are encrypted with the OSAN extension, and the hacker just confirmed the file decryption and is asking for 0.4btc, and now, on request, has dropped it by 0.3btc.

Any advice will be good. We need the business data and I don't know what the guarantee is that they will decrypt it.

closed Comments

  • +5

    Hacker provided the decryption file which ran for hours and decrypted everything.

    Now I have changed the password. Have on-site backup plus cloud backup. Changed the RDP default port.

    I am flying overseas tonight and as soon as I am back, I will create new virtual machines and migrate data. (I don't know what files the hacker might have left.)

    Thanks everyone for their input. Sometimes small cut cost like this and I have learned my lesson, won't compromise security, and my boss agreed to cover the cost and also agreed to monthly cloud backup space and Malwarebytes software.

    He didn't understand the whole concept of this ransomware.

    Again thanks everyone for their input and help.

    • Changed the RDP default port

      Wait, you expose RDP access to the internet directly?

      You should be setting up a VPN server and only allowing network access via VPN, not directly to core services like RDP

    • +1

      This is NOT enough. You need to rebuild these servers. You cannot trust that they have not left a backdoor for a future ransom attempt.

    • Get your boss to pay for good IT security advice and some education for staff please. There are even some free short courses that you can do. https://www.ozbargain.com.au/deals/itmasters.edu.au

      monthly cloud backup space

      What good will monthly backups do for the business?

    • +1

      All the best, and thanks for coming back to provide closure to your post.

    • happy to hear it mate, enjoy your wedding!! :)

    • Apologies if this has already been answered, but have you at least identified how you were compromised? Were servers breached directly or was it something like a user opened an email attachment and poor security allowed it to spread from there?

  • Where did OP end up buying Bitcoin?

    • coinspot….

      • I heard gspot is more satisfying

        • Only if you are a she.

  • This thread will now be closed now that OP has resolved the issue.
