Hi CTS-Tech,
Excellent advice above from .Brian and James007.
The malware authors behind these threats have a serious financial motive for constantly crafting new variants that are engineered to evade (even just temporarily) AV protection. Keeping definitions up to date and using additional components is key.
Two additional "best practice" points:
- Ensure you have a working backup solution in place (and that you have tested it works!). This is a must-have against all sorts of disasters, not just crypto threats.
- Lock down your network shares (A simple password can stop these threats cold. It is a few seconds of inconvenience for a user to type in a password to access a mapped drive. Without that protection, these crypto threats will sabotage everything on the local computers and then go hit the mapped drives to damage the whole company.)
And a third, specifically against these Cryptolockers:
- Ensure your mail server is scanning inbound mail for threats. (Most cryptolockers arrive via a malicious attachment or link to a malicious attachment. Once the user is tricked into running that malicious program, it will do its damage.)
Finally, a request: if your company has been hit with a cryptolocker, try to trace its source back to the malicious attachment or malicious drive-by download file. Get that submitted to Symantec for analysis, open a case with Tech Support, and ask them to get that file examined ASAP! This will not enable SEP to decrypt your files (nothing will do that), but it will save other users and companies the grief of falling victim to this same new variant.
Symantec Insider Tip: Successful Submissions!
https://www-secure.symantec.com/connect/articles/symantec-insider-tip-successful-submissions
Hope this helps!! :)
Mick
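As an added example that is not part of Mick's post, the following PowerShell script puts the "lock down your network shares" point into something an admin can run on a file server: it lists every non-administrative SMB share and flags those that grant Full or Change access to broad principals (Everyone, Anonymous Logon, Guests, Authenticated Users), which are exactly the shares a crypto threat running on any one workstation can reach and encrypt. It assumes the built-in SmbShare module (Windows Server 2012 / Windows 8 and later) and an elevated session; the list of principals treated as "broad" is my choice and can be adjusted.

```powershell
# Added example (not from the original post): audit SMB shares on the local
# Windows server and flag any that grant write access to broad principals.
# Assumes the SmbShare module (Windows Server 2012 / Windows 8 or later) and an
# elevated PowerShell session. The principal list below is an assumption you
# can tune to your environment.

$BroadPrincipals = @('Everyone', 'ANONYMOUS LOGON', 'Guests', 'Authenticated Users')
$WriteRights     = @('Full', 'Change')

# Skip administrative shares (C$, ADMIN$, IPC$); Get-SmbShare marks them Special.
$findings = foreach ($share in Get-SmbShare | Where-Object { -not $_.Special }) {
    foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
        # Strip a DOMAIN\ or BUILTIN\ / NT AUTHORITY\ prefix so the name matches the list.
        $principal = ($ace.AccountName -split '\\')[-1]
        if ($ace.AccessControlType -eq 'Allow' -and
            $BroadPrincipals -contains $principal -and
            $WriteRights -contains $ace.AccessRight) {
            [pscustomobject]@{
                Share     = $share.Name
                Path      = $share.Path
                Principal = $ace.AccountName
                Right     = $ace.AccessRight
            }
        }
    }
}

if ($findings) {
    Write-Warning "Shares that grant write access to broad principals (reachable by malware on any client):"
    $findings | Format-Table -AutoSize
} else {
    Write-Host "No shares grant Full/Change to Everyone, Anonymous Logon, Guests or Authenticated Users."
}
```

Each share the script reports is a candidate for replacing the broad grant with a named security group (so a user must authenticate as a member to write, the "simple password" protection the post describes) and for scoping Full access down to the few accounts that actually need it. Run it again after the change to confirm the list is empty, and pair it with a tested restore of the affected shares from backup, since share permissions limit the blast radius but do not substitute for the backup point above.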