A few months ago we were victim of a ransomware attack. We just recovered all the files because there was no option to unencrypt and we did remove the virus.
Now, I can see that my clients connected to the server are experiencing interruptions and very low speed in the communication via remote desktop connection. When I check the server with GlassWire, I can see that the Local Security Authority Process is sending a lot of information out to hosts in China, Romania, England, etc.
My question is how can I block that traffic, since the antivirus is showing me that there are no infections at all. I appreciate any help.