I have a client that we have had some strange issues. When I took them over from a friend that is retiring, they had just been hit with a ransomeware virus. I was able to get them back to a running state again but not without paying the ransome as they did not have a good backup.I have since fixed the backup situation and hopefully blocked any new ransomware invasions. We had an issue the other day where the office manager told me that they had just randomly lost directories under their working cases (law firm). I investigated the issue and could only find an issue with the DFS setup to the old server. In the process of investigation I started just checking all the systems. The real issue that bothers me is that on my SonicWall I started seeing blocked connections from Russia to the firewall which is not unusual from the outside but then I have the managing partner's Mac trying to reach Russia from within the network. What I was wondering is what can I use to check and see what is trying to call out on the Mac? I am fluent on Windows and Linux but not the Mac. Like I said this client is the nervous type and always thinks that they being hacked.