2 Computers Attacked by BitLocker Ransomware via TeamViewer 13 Service

deliad Posts: 1
edited May 2023 in General questions

Hi,

I'm a Security Advisor by profession.

2 of our customer's computers have been attacked by BitLocker encryption ransomware, spread by a TeamViewer exploit!

The 2 computers were clean, but TeamViewer was installed and its service enabled. Both of them are for internet usage only, USB ports are disabled, and as far as I have found so far there was no activity before the ransomware started to encrypt the second partition on each computer.

The 2 of them were attacked at the same time.
One of them has been locked by a Windows password that was set by the ransomware.

I will try to dump the hash to decrypt the password for the Windows user and the BitLocker, and give you any log/info you need.

If you can track the history of these TeamViewer IDs:
[ID Removed] - The computer that was BitLocker encrypted, BUT NO password was set for the Windows user by the ransomware.

[ID Removed] - The computer that seems to be BitLocker encrypted (I didn't check yet!), AND a password was set for the Windows user by the ransomware.

This attack was made on Saturday at about 15:00-15:20.

Of course, if its files are encrypted, the attack bot process was started before that time!

Waiting for you, to start helping you investigate together,
Thanks.




Comments

  • Scotty Posts: 493 Staff member 🤠

    Hi deliad,

    Unfortunately we cannot assist you on a public forum.

    Can you please email us at fraud@teamviewer.com?

    Thank you.
    -Scotty

    Senior Moderator
    Did my reply answer your question? Why not accept it as a solution to help others?