Infected by Ransomware TWICE under Protection by Kaspersky

The 1st time:
About several months ago, one of my family's desktop was infected. All the word (doc, docx) and txt files were encrypted, but other fuile type, like mp3, image files were not. The date of encrypted files were changed to 2022/01/13.
The desktop had Win10 and Kaspersky Endpoint Seurity 11.6 installed. Then the C drive was formatted and new Win10 and Kaspersky Endpoint Seurity 11.6 was installed

The 2nd time:
Today, the files in that desktop, including mp3, image files were all encrypted, while the mp3 file can be read a few days ago.

The desktop is used by adult, who has good habit of using computer for more than 10 years. They use computer for web broswering (limited websites), online banking, online game (official, legitimated app installed), some online flash games.

He told me that the mp3 files can be opened a few days ago.

 

How can we help you? Do you have any specific question in mind?

 

first conclusion: also a paid antivirus may fail.
second: a special big fail for kaspersky
third: any antivirus will fail on current builds of ransomware, because its tested against all.
forth: someone has admin rights where should not
fifth: again someone in family failed again:
https://www.wilderssecurity.com/threads/kav-stop-working-after-changing-system-time.103914/
sixth: no backup means no important data

the current security concept (if there was some) failed in worst manner. ransomware do not happen like magic.

 

7th... KES 12.x is out for months, current last build 12.2

8th... Endpoint to protect home family system?

9th... Was KES managed? KES best potential is to be managed via a centralized console, where You can apply security policies and restrictions.

...

 

KES perhaps to administrate several devices. KES (5 seats minimum) is also available as "Education". but yes, outdated means less security.

 

But I wonder how did you get infected, what type of apps or files did you download? And yes, sadly enough AV's can't offer 100% protection, so you will always need a back up of your files and you might want to install extra protection tools like AppCheck, see link.

https://www.snapfiles.com/get/appcheckantiransom.html

 

Instead of 47 conclusions this is the number one answer to look for.

 

cite: "a fool with a tool is still a fool"

 

Far too many lately are of the assumption that anti-malware applications meant for the Enterprise must be better than those made for the Home. Not only is there little evidence of such superiority when used for a single Endpoint, but there IS evidence that they can be considerably worse when managed by the less technologically astute.

The Enterprise products may be considered sexy to use, but they are also expensive and complicated to use properly. I really hope that this is just a fad.

 

I believe that the safest thing to do is to follow Rasheed187 advice, make an image at least once a week. I make at least 2. But I store them on an external disk that is not connected to my PC. In addition, I save the last image I saved on another external disk in case the first one gets infected when I transfer data to it.

 

I have been using Kaspersky for more than 20 years and never been attacked by virus like this time.
So I want to know the answer too.

 

I have a pretty good idea what happened here.

First, a review of the ransomware attacks. The first attack in 2022. The user performs a reformat and reinstalls Windows. Then just recently, he gets nailed by ransomware again.

Both Kaspersky and Eset have excellent tamper protection. However, they are no match for an attacker who has gained access to the targeted device. Once the attacker gains access to the device, he simply disables real-time, ransomware, etc. protection via access of the Kaspersky GUI interface.

Both Eset and Kaspersky have GUI password protection. However, it must be manually enabled. In Kaspersky Endpoint, password protection is enabled via: https://support.kaspersky.com/KESWin/12.0/en-US/123303.htm

 

ransomware is in common a mail attack. i linked to an issue caused by your son, i wont deny that this stupid person has been beaten again. sorry, get your son a machine of his own and kick his ass off your machine.

 

@networm
I've been here since April 2011 and all that time I've been trying to make it clear to people that no antivirus can protect you from anything. They simply cannot protect because this technology does not work. But the person still has to make sure by trial and error that it doesn't work. Any of them not working and it's not possible to start working never. This technology, they uses, cannot work never.
Good luck to You and everyone else.

 

Referring to @cruelsister comments on use of endpoint security products in unskilled hands, KEP also has a command line interface as do most endpoint AVs. An attacker that has access to the device could silently uninstall KEP unless it settings were previously password protected: https://support.kaspersky.com/KESWin/12.0/en-US/123471.htm .

 

Thank you for the suggestions, andI I willl follow itman's suggestion to enable password for KES.
Still don't know where the virus comes from

 

The computer is used by adult, I updated some info on #1 post. They stopped using email a long time ago.

 

Since I switched from Kaspersky ~10 yrs ago to the #1 security solution rated year after year. Since then no problems. Knock on wood.

 

What's the standard for "#1 security solution rated"?

 

BD year after year.

 

@networm If the computers are getting infected, then almost certainly it is due to opening infected files, e.g. infected email attachments, or cracked software. While Kaspersky is one of the best antiviruses, no antivirus provides 100% protection and if you open random files, you will get infected sooner or later, no matter what antivirus you use. The vast majority of infections can be avoided by not opening infected files. So it pays to always be very careful about what files you open.

 

My firt Kaspersky 2011 No problems detecting infections until today.

 

No kaspersky,no eset, no this, no that - nothing since decades. tadaa.

 

Yes regular imaging is the best. I plead laziness. I keep meaning to install an imaging program. I just switched from W7P64 to W11P. And I don't know if EaseUs To Do Advanced Server version 5.5 will work on it.

 

Hello, anyone can write as he did, provide some evidence because you are slandering Kaspersky and you can be from another company, e.g. BD..etc. NoR And now it's fashionable that everything bad is Kaspersky For me it is one of the two best antiviruses Greetings to everyone