Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Do you administer Windows file servers? Are you using Microsoft's free FSRM?


  • Please log in to reply
4 replies to this topic

#1 nexxai

nexxai

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 10 June 2016 - 11:52 AM

One of our clients recently got infected with a TeslaCrypt variant and I decided that I've had enough and started researching ways to prevent similar things from happening in the future.

 

We came across Microsoft's free File Server Resource Manager role feature in Windows Server, which allows you prevent files matching a certain filter (called "File Screens" in FSRM parlance) from being written to the server.  While it's certainly not the end-all/be-all solution, it's proved to be fairly adept when kept up to date. 

 

So that's what I did - I built a site that allows people to stay up to date with the latest file screens for free.

 

The site is here: https://fsrm.experiant.ca and I am absolutely open to all suggestions, and there's a space near the bottom for submitting file screens that aren't already in the list.

 

Please let me know what you think.



BC AdBot (Login to Remove)

 


#2 gizmo21

gizmo21

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 10 September 2018 - 07:43 AM

I used (submitting/recieving) your list heavily but it seems the site is down atm getting:

 

Error 502  2018-09-10 12:34:54 UTC Bad gateway

from Cloudflare



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:16 AM

Posted 10 September 2018 - 09:17 AM

One of our clients recently got infected with a TeslaCrypt variant...

TeslaCrypt is an older ransomware infection (February 2015) which includes several known versions with various extensions for encrypted files such as .ecc, .ezz, .exx, .xyz, .zzz, .aaa, .abc, .ccc, .vvv, .xxx, .ttt, .micro, .mp3.Did you submit (upload) samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware (IDR) for assistance with identification and confirmation of the infection?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 nexxai

nexxai
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:16 AM

Posted 10 September 2018 - 08:48 PM

 

I used (submitting/recieving) your list heavily but it seems the site is down atm getting:

 

Error 502  2018-09-10 12:34:54 UTC Bad gateway

from Cloudflare

 

 

Hey there, sorry about this.  Our datacentre was having some power issues this weekend which are now fully resolved and the site is back up.

 

My sincere apologies.



#5 gizmo21

gizmo21

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 11 September 2018 - 12:42 AM

I used (submitting/recieving) your list heavily but it seems the site is down atm getting:
 
Error 502  2018-09-10 12:34:54 UTC Bad gateway
from Cloudflare

 
Hey there, sorry about this.  Our datacentre was having some power issues this weekend which are now fully resolved and the site is back up.
 
My sincere apologies.
Hi there nothing to apologise for. You are doing a great job to the community and I just wanted to voice up. Thanks for all your efforts and perhaps even some more community members here will get involved by updating the ransom_extension list by just scanning the weekly report here and dumping it into your forms.
I think it would be even great if bleeping-computer siteadmits would automagically deliver all the extension they are reporting about to your site (just a hint @quietman7 ;) ).

Edited by gizmo21, 11 September 2018 - 12:44 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users