
Open ransomwhere password
If it was a Windows machine that was not domain-joined, worry about other machines on the network that used the same user name and password as a user on the infected machine, or that the infected machine had saved credentials for (check the Credential Manager on the logged-in accounts). If the infected computer was a domain-joined Windows machine, the infected machine and the users logged into it may very well have had access to other computers on the network, placing them at risk.

In short, look for what machines the infected computer had access to.

On domain-joined Windows computers, the Active Directory service that handles authentication and distribution of credentials frequently is run on (and only works on) a particular network segment, leading to the common misconception that "the network" is not just a means of transmitting data, but a "trusted" thing. The real vulnerability is in the credentials the infected computer has. Just because a computer shares a subnet with another doesn't make it vulnerable (or, at least, it shouldn't, barring bugs). I get really aggravated when people talk about "infecting the network." Typically, there are two separate issues in play here. A dozen infected PCs scanning the network to find supplementary victims is usually quite noisy. If possible, I would encourage you to look for suspicious network activity.

The other system may be up-to-date and correctly patched. However, this is the worst scenario because some worms do use network connections to propagate themselves: they scan the local network, generally targeting some defined unpatched OS flaw, and take advantage of it to propagate. The main thing is at least to be able to put a name on the malware, and even better to detect how this first computer was infected. Short answer: without any supplementary information, one should at least consider the risk of network infection as important.
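The noisy scanning described above shows up in flow logs as one source contacting many distinct hosts in a short window. The following is an added example, not part of the original text; the flow-record format, the addresses and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_flows():
    """Constructed records in an assumed format: 'timestamp src dst dst_port'."""
    # 10.0.0.23 touches 40 different hosts on SMB (445) within 40 seconds.
    lines = [f"2024-05-01T09:00:{i:02d} 10.0.0.23 10.0.0.{i + 1} 445" for i in range(40)]
    # 10.0.0.40 talks to a single file server 40 times over 40 minutes.
    lines += [f"2024-05-01T09:{i:02d}:00 10.0.0.40 10.0.0.5 445" for i in range(40)]
    lines.append("garbage line")  # malformed input must not break parsing
    return "\n".join(lines)

def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def find_scanners(flows, window=timedelta(seconds=60), min_targets=20):
    """Return {src: peak number of distinct (dst, port) pairs seen in any window}."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        by_src[src].append((ts, (dst, port)))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        start, best, counts = 0, 0, defaultdict(int)
        for ts, target in events:
            counts[target] += 1
            # Slide the window: drop events older than `window` before ts.
            while ts - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= min_targets:
            hits[src] = best
    return hits

if __name__ == "__main__":
    for src, n in find_scanners(parse_flows(sample_flows())).items():
        print(f"{src} contacted {n} distinct targets within 60 s")
```

A high count only marks a host for review: vulnerability scanners, monitoring and backup servers produce the same fan-out, so known sources should be excluded before alerting.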
