we have the Ransomware Threat Massage for CRQAPXHK.WLU on our Beacon Server?
Is this a part of the Flexera Beacon process?
We have similar messages several times on the print servers. But these are not threats only "strange name changes" that are required for a process / scan.
Oct 07, 2021 05:15 AM
I have not heard of any false positive threat reports for this ransomware being triggered by the FlexNet Beacon Servers software.
In the absence of any information or insight which might suggest a contrary approach, I would be inclined to immediately disconnect the beacon from the network in response to a message like this to allow your security teams to verify whether this is a real threat.
Oct 07, 2021 06:15 AM