Ransomware Attempt

Ransomware Attempt Critical

INC-2043 · Reported 10 Jul 2026, 06:30 PM

Investigating

File-encryption activity was detected on the primary file server cluster. Multiple files were renamed with an unknown extension and a ransom note was written to shared directories. The affected host has been isolated from the network pending forensic analysis.

Activity Timeline
Incident detected

EDR flagged mass file modification on FS-Cluster-02 · 06:30 PM

Host isolated

Automated containment removed host from network · 06:32 PM

Assigned to James Allaire

Escalated to Tier 2 for forensic review · 06:40 PM

Note added

Confirmed lateral movement attempt blocked at segment firewall · 07:05 PM

Indicators of Compromise
TypeValueConfidence
File Hasha3f5...9c1dHigh
IP Address45.83.220.17High
Domainpay-decrypt[.]onionMedium
Details
StatusInvestigating
SeverityCritical
PriorityP1 - Urgent
CategoryMalware
Affected AssetFS-Cluster-02
Source IP45.83.220.17
Assigned Analyst
James Allaire

Tier 2 Analyst