I'm looking for your thoughts on a situation I've run into. Recently, I followed a post that suggested manually importing the August 24H2 cumulative update into WSUS using some PowerShell commands. I executed two commands to install certain modules but didn't run any scripts afterward. Shortly after, my network was hit by Akira ransomware. I'm wondering if my actions could have compromised the server or if they are just a coincidence. What do you think?
3 Answers
That sounds really rough, I'm sorry you're going through this! Those PowerShell commands you used are likely not the cause of the ransomware. They basically just install modules from the PowerShell Gallery, and since you didn't run any other commands, it’s probably not the infection source unless the gallery was somehow compromised, which would be big news. I’d focus on tracking down how the initial access happened to prevent future incidents.
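An added triage snippet (not from any answer in this thread) that does what the advice above implies: account for the module installs on the WSUS box by listing recently installed modules with their source repository, pulling the matching Install-Module lines from PSReadLine history, and checking script block logging. It assumes PowerShellGet and PSReadLine are present, that script block logging may or may not be enabled, and the 30-day window is a constructed value.

```powershell
# Constructed lookback window; adjust to the incident timeline.
param([int]$LookbackDays = 30)

$since = (Get-Date).AddDays(-$LookbackDays)

# 1. Modules registered by PowerShellGet, with where they came from and when.
$recent = Get-InstalledModule |
    Where-Object { $_.InstalledDate -ge $since } |
    Select-Object Name, Version, Repository, RepositorySourceLocation,
                  InstalledDate, InstalledLocation
"Modules installed since $($since.ToShortDateString()):"
$recent | Format-Table -AutoSize

# 2. Anything not sourced from the public gallery (custom or mistyped repository)
#    deserves a closer look during the incident review.
$recent | Where-Object { $_.RepositorySourceLocation -notmatch 'powershellgallery\.com' } |
    ForEach-Object { "REVIEW: $($_.Name) came from $($_.RepositorySourceLocation)" }

# 3. The Install/Import/Save-Module lines actually typed, from PSReadLine history.
$historyPath = (Get-PSReadLineOption).HistorySavePath
if (Test-Path $historyPath) {
    "Module commands found in $($historyPath):"
    Select-String -Path $historyPath -Pattern '^(Install|Import|Save)-Module' |
        ForEach-Object { $_.Line }
}

# 4. Script block logging (Event ID 4104), if enabled, records what ran on import.
Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Install-Module|Import-Module' } |
    Select-Object TimeCreated, Id,
        @{ n = 'Snippet'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize
```

Run it in an elevated session on the affected server and keep the output with the rest of the incident evidence; an empty section 4 usually means script block logging was not turned on, not that nothing ran.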
Have you talked to your cybersecurity insurance team about this? They might have insights on how to handle the situation. Also, try running a sync on your WSUS server and approve the latest update while declining the one from last Tuesday.
Just so you know, the issue with the August update is already resolved by Microsoft, so you might want to check that out. They’ve fixed the installation error you mentioned.