@JaredBusch said in Wide ransomware virus infection sourced from 3rd party IT's remote agents.:
@Fredtx said in Wide ransomware virus infection sourced from 3rd party IT's remote agents.:
@scottalanmiller said in Wide ransomware virus infection sourced from 3rd party IT's remote agents.:
@Fredtx said in Wide ransomware virus infection sourced from 3rd party IT's remote agents.:
@scottalanmiller said in Wide ransomware virus infection sourced from 3rd party IT's remote agents.:
@Fredtx said in Wide ransomware virus infection sourced from 3rd party IT's remote agents.:
@scottalanmiller said in Wide ransomware virus infection sourced from 3rd party IT's remote agents.:
@Fredtx how did it get determined that it was their agents that did it and not just a coincidence or something?
We received several support calls from the whole Oregon area and that was one of the common denominators for all the computers that were infected with that variant. I for one hand did not work with the customer, but that's what our techs saw and found. Tbh, I'm trying to understand how that could happen when most of the ransomware cases involves a self executable file.
So many different MSPs, but they all shared one tool?
It was only one MSP (PM Consultants) who’s agent spread the infection to their own customers. Their customers called our support desperate for help.
What agent was it? Knowing which program was compromised is a big deal, those agents are hosted by the vendor 99% of the time.
I was told it was Connect Wise.
Old and Unpatched, or weak passwords then.
Likely. Attach probably came through an MSP workstation.