Hi guys,
hope you are well. I wanted to pick your brains. I have a server at home running Windows Server 2016, with 3 machines running on Hyper-V. They had different jobs: one was for torrenting, one for CCTV, Google sync and another for general usage etc.
Server 2016 was running AD and each user would log in with their AD credentials.
Now this is just a home PC, nothing important on there apart from years of pictures etc., and CV and browser history and loads of films. They are all set to back up each night onto a USB HDD.
Over the weekend I logged in and saw everything had been encrypted and all my files with a weird .encrypted extension. A Notepad file with an email address saying send some bitcoin to have your data back. I'm running on a Virgin Media line and have a few ports forwarded to the main server and to one of the VMs. Luckily I have my data backed up so not an issue, but I am looking to rebuild again with better security.
My question is really, how did they get in and what can I do to secure myself? When I logged onto one of the VMs there was a command prompt open with something along the lines of:
x number of users detected
username : password
The username was my wife's password and the password was what she set as the password.
The Virgin router, when I logged in to it, said that the firewall was enabled. Evidently it was rubbish.
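An added triage script, not part of the original post or any reply: it reads the Windows host's own state and Security log to answer the poster's "how did they get in" question from a defender's side. It assumes an elevated PowerShell session on the Server 2016 host (or on a restored copy of it, since a rebuilt machine has no logs), and that the Security log still covers the period of the intrusion; the 7-day window and the private-address pattern are assumptions you can adjust.

```powershell
# Added example (not from the original post). Read-only triage on a Windows Server 2016
# host that had router port-forwards pointing at it. Run elevated; adjust $days as needed.
$days  = 7                                  # assumed look-back window
$since = (Get-Date).AddDays(-$days)
$privateIp = '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|127\.|::1$|fe80:|-$)'  # assumed LAN ranges

# 1. What is listening for inbound connections? Anything the router forwards to this box
#    shows up here. 3389 (RDP), 445 (SMB) and 5900 (VNC) are the usual password-guessing targets.
Write-Host "== Listening TCP ports =="
Get-NetTCPConnection -State Listen |
    Sort-Object LocalPort -Unique |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ Name = 'Process'; Expression = {
            (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
    Format-Table -AutoSize

# Helper: flatten the EventData section of a 4624/4625 record into a hashtable.
function Get-LogonFields {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Record)
    $xml = [xml]$Record.ToXml()
    $d = @{}
    foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time      = $Record.TimeCreated
        User      = $d['TargetUserName']
        SourceIP  = $d['IpAddress']
        LogonType = $d['LogonType']          # 3 = network (SMB), 10 = RemoteInteractive (RDP)
    }
}

# 2. Failed logons (Event ID 4625) grouped by source address. A few external IPs trying
#    many usernames over days is the signature of a brute-force against an exposed service.
Write-Host "== Failed logons (4625) in the last $days days, by source IP =="
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object { Get-LogonFields $_ } |
    Group-Object SourceIP |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ Name = 'Users'; Expression = { ($_.Group.User | Sort-Object -Unique) -join ',' } } |
    Format-Table -AutoSize

# 3. Successful network/RDP logons (Event ID 4624, type 3 or 10) from non-LAN addresses.
#    The first of these after a burst of 4625s is usually the moment the guessed
#    credential was accepted; the account it names is the one that needs resetting.
Write-Host "== Successful remote logons (4624) from non-private addresses =="
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object { Get-LogonFields $_ } |
    Where-Object { ($_.LogonType -in '3', '10') -and $_.SourceIP -and ($_.SourceIP -notmatch $privateIp) } |
    Sort-Object Time |
    Format-Table Time, User, SourceIP, LogonType -AutoSize

# 4. Current domain lockout policy. A threshold of 0 means unlimited guesses, which is what
#    lets an internet-exposed RDP/SMB service be brute-forced at leisure.
Write-Host "== Domain account lockout policy =="
net accounts /domain
```

Usage note: section 2 tells you whether the exposed ports were being hammered and from where; section 3 tells you which account and which service (RDP vs SMB) finally let the attacker in. If the Security log was cleared or the host was already wiped, point `Get-WinEvent -Path` at an exported `.evtx` from the backup instead of `-FilterHashtable @{ LogName = 'Security' ... }`. Whatever the findings, the lasting fix is removing the router port-forwards to RDP/SMB and reaching the server over a VPN, plus a non-zero lockout threshold and a backup copy that is not permanently mounted on the host that gets encrypted.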