12-28-2016 02:39 PM
Hello,
Recently we have run into a ransomware attack, and it seems as though our LabView files were directly targeted.
Every file in the "\Program files\National Instruments\" directory has been encrypted to the file type:
"[amagnus@india.com].wallet".
For example, the main executable for LabView is:
"LabView.exe.[amagnus@india.com].wallet"
Is this an issue that the community in general is experiencing? We are trying to determine exactly where this threat originated.
Attached is a picture of the file directory (taken using my phone).
12-28-2016 03:04 PM
This appears to be part of a known Virus, as the signature appears on a number of messages, including some for sites suggesting ways to remove the virus.
How you proceed is up to you and your IT Team. Some advice that makes sense to me:
Bob Schor
P.S. -- I don't think this has anything, per se, to do with LabVIEW, just bad luck that this was the Folder that was included in the hit.
12-28-2016 03:35 PM
Thanks for the timely and well thought out response! Glad to hear that it's a local phenomenon and not a universal issue.
12-28-2016 03:46 PM - edited 12-28-2016 03:48 PM
@SteveJobs wrote:
Thanks for the timely and well thought out response! Glad to hear that it's a local phenomenon and not a universal issue.
I know you actually mean that you are relieved that this is just limited to your site and not universal to NI. That being said, it obviously means there is a huge security hole somewhere in your IT department and if you don't fix it, it could (and probably will) happen again!
Oh, and this kind of thing is so frustrating that companies have been known to just cave and pay up. I think of it as a "fee" for "lessons learned". 😉
I'd probably just call it a day and restore from backup.
12-28-2016 11:37 PM
The LabVIEW folder can be restored by just reinstalling LabVIEW (except maybe for custom settings in the .ini file), so this is not a great way to ask for ransom. I would be much more worried about personal files.
Is there anything encrypted that is actually of value to the company (or to you) and that cannot be restored from backup?
In any case, follow Bob's advice and take the PC off the network. Maybe somebody from IT has forensic tools to investigate how the infection happened (malicious website, malware attachment, via a USB drive, etc.) so they can better protect in the future.
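Added example, not part of any post in this thread: a read-only inventory of files carrying the `<original name>.[<contact>].wallet` suffix reported above, to show which folders and file types were hit and what needs restoring from backup. The function names are hypothetical, and treating modification times as a rough timeline is an assumption, since malware can alter timestamps.

```python
import os
import re
import sys
from collections import Counter
from datetime import datetime, timezone

# Naming pattern reported in the thread: <original name>.[<contact address>].wallet
RENAMED = re.compile(r"^(?P<original>.+)\.\[(?P<contact>[^\]]+)\]\.wallet$", re.IGNORECASE)

def parse_renamed(filename):
    """Return (original_name, contact) if the name matches the pattern, else None."""
    m = RENAMED.match(filename)
    return (m.group("original"), m.group("contact")) if m else None

def inventory(root):
    """Walk root and summarise renamed files; only metadata is read, nothing is opened."""
    per_dir, per_ext, times = Counter(), Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_renamed(name)
            if parsed is None:
                continue
            try:
                times.append(os.stat(os.path.join(dirpath, name)).st_mtime)
            except OSError:
                pass  # unreadable entry: still counted below, just no timestamp
            per_dir[dirpath] += 1
            # Extension of the original name shows which file types need restoring
            per_ext[os.path.splitext(parsed[0])[1].lower()] += 1
    return {
        "total": sum(per_dir.values()),
        "per_dir": per_dir,
        "per_ext": per_ext,
        "earliest": min(times) if times else None,  # assumption: mtime ~ time of encryption
        "latest": max(times) if times else None,
    }

if __name__ == "__main__":
    report = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("renamed files:", report["total"])
    for key in ("earliest", "latest"):
        if report[key] is not None:
            print(key, datetime.fromtimestamp(report[key], timezone.utc).isoformat())
    for folder, count in report["per_dir"].most_common(10):
        print(f"{count:6d}  {folder}")
```

Run it against a disk image or a read-only mount of the affected drive rather than the live system, so the evidence is not changed while IT investigates.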