Endpoint Protection

 View Only
Back to Library

Cryptolocker 

Nov 07, 2013 07:13 PM

Cryptolocker (http://en.wikipedia.org/wiki/CryptoLocker) is a new malware that surfaced recently. It is wreaking havoc on Windows file shares and locking people out of their files. The malware encrypts commonly used documents and prevents the user from accessing them. The malware will then attempt to extract payment from you to unlock your files. Arstechnica has a great writeup on this (http://arstechnica.com/security/2013/10/youre-infected-if-you-want-to-see-your-data-again-pay-us-300-in-bitcoins/).

 

Some tips on dealing with this malware:

  1. Ensure your virus protection is up to date
  2. Restrict workstation permissions so that the general users have limited access rights
  3. Ensure your backup policies are good
  4. Make sure all your fileshares are backed up often
  5. You can find the source of the infection by viewing which user has ownership permissions on the infected file(s). That way you can isolate their workstation.

 

Thankfully, Symantec Endpoint Protection protects from this virus: http://www.symantec.com/connect/forums/cryptolocker-are-we-safe

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Migration User
Nov 20, 2013 02:06 PM

Backup, backup, backup and don't open unkonwn emails..

thank you for article!

Mick2009
Nov 14, 2013 05:12 AM

Thanks for raising awareness, megamanVI!

The article Recovering Ransomlocked Files Using Built-In Windows Tools, deals with a few possible ways how to prevent and recover from Trojan.Cryptolocker- one of today's most-destructive threats- should it infect your network and hold your data hostage.

Migration User
Nov 08, 2013 01:02 PM

I want to add that Spiceworks has some group policy templates that you can import and apply in your environment.

http://community.spiceworks.com/topic/396103-cryptolocker-prevention-kit-updated

Related Entries and Links

No Related Resource entered.