April 24, 2021

Employee Home PC got infected by Ransomeware encryptions .. Should I be worried about his work PC that he uses from home ?

We have an employee who’s home PC recently got infected by ransomeware and Ransome notes, he works from home and has informed the IT. All Defender and malwarebytes scans come fine for on his work PC that has work files.

But what should we do at this point about his work PC that he uses from home?

Let him continue to work from home without worrying too much ?

What extra steps should we take about protection of his work PC while he works from home ?

( PC is domain joint, win 10, have mdatp, defended installed, uses files, word docs, excels, applications, one drive, outlook etc )






If it’s on the same home network or has transferred anything, then yes, you should be concerned.


Make sure the user doesn’t have any local or domain admin rights, review of local and network logs, impossible travel within the logs, logins during non work hours, large file upload/downloads, accessing file drop or paste sites (including GitHub type sites), reset the users password, review the users do,aim rights and groups, ensure the user goes through some kind of security training about phishing and malicious web sites. If you have an EDR tool, do a data capture to include the memory.

Odds are the that the ransomware is confined to the persons home system, but you can’t be too sure. Since they were on the same home network lateral movement is a possibility.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.