2 Computers Attacked by BitLocker Ransomware via TeamViewer 13 Service
Hi,
I'm a Security Advisor by profession.
2 of our customer's computers have been attacked by BitLocker encryption ransomware, spread by a TeamViewer exploit!
The 2 computers were clean, but TeamViewer was installed and its service enabled. Both of them are for internet usage only, USB ports are disabled, and as far as I have found so far, there was no activity before the ransomware started to encrypt the second partition on each computer.
Both of them were attacked at the same time.
One of them has been locked with a Windows password that was set by the ransomware.
I will try to dump the hash to decrypt the password for the Windows user and the BitLocker, and give you any log/info you need.
If you can track the history of these TeamViewer IDs:
[ID Removed] - The computer that was BitLocker encrypted, BUT NO password was set for the Windows user by the ransomware.
[ID Removed] - The computer that seems to be BitLocker encrypted (I haven't checked yet!), AND a password was set for the Windows user by the ransomware.
This attack took place on Saturday at about 15:00-15:20.
Of course, if its files were encrypted, the attack bot process had been started before that time!
Waiting to hear from you to start helping you investigate together,
Thanks.