Hi all,
We got hit by a ransomware attack yesterday morning. From what I can tell, it only affected our server, not any of our workstations. We have a backup, so I am working on that. But the question I have is how it got there and how to prevent it from happening again.
Since it showed up on the server and not any of the workstations, does this mean that the attacker was able to access our server directly (as opposed to a workstation accidentally clicking on an email or downloading a virus file)?
If so, is there any way to find out how they were able to do that? Do I have an open port somewhere? What can I do to prevent it from happening again?
We got hit by a ransomware attack yesterday morning. From what I can tell, it only affected our server, not any of our workstations. We have a backup, so I am working on that. But the question I have is how it got there and how to prevent it from happening again.
Since it showed up on the server and not any of the workstations, does this mean that the attacker was able to access our server directly (as opposed to a workstation accidentally clicking on an email or downloading a virus file)?
If so, is there any way to find out how they were able to do that? Do I have an open port somewhere? What can I do to prevent it from happening again?