Endpoint Protection

Client been infected by BitCrypt v2.0 cryptovirus

  • 1.  Client been infected by BitCrypt v2.0 cryptovirus

    Posted Apr 21, 2014 11:43 PM

    Hi All,

     

    Just want to know whether anyone here has come across this ransomware before, because this is BitCrypt v2.0.

    Can I also know whether Symantec has any concern about this ransomware, and a solution?

    SEP seems not strong enough to prevent this ransomware from being exploited on the client PC.

    Can I seek help from you guys on any solution I can use in order to remove this kind of ransomware from the end user's PC?

     

    Thanks



  • 2.  RE: Client been infected by BitCrypt v2.0 cryptovirus

    Posted Apr 21, 2014 11:48 PM


  • 3.  RE: Client been infected by BitCrypt v2.0 cryptovirus

    Broadcom Employee
    Posted Apr 21, 2014 11:53 PM

    Check the removal tab:

    http://www.symantec.com/security_response/writeup.jsp?docid=2013-091122-3112-99&tabid=2

     

    Ask the end users not to open an email from an unknown source. Have a strict email gateway solution along with a web gateway.



  • 4.  RE: Client been infected by BitCrypt v2.0 cryptovirus

    Posted Apr 22, 2014 01:35 AM

    Hi James,

    Thanks for your note

     

    Hi Pete,

    The user did open it, and his PC ended up encrypted. Currently I have restored the registry, but it seems the files are still encrypted.

    Currently the removal tools did not detect any malicious programs or files.

    I need to go through the registry and folders to check.

    Any pointers that I can have from your end?

     

    Thanks



  • 5.  RE: Client been infected by BitCrypt v2.0 cryptovirus

    Posted Apr 22, 2014 01:49 AM

    I think this is a new variant. You can submit the submission file.

    Please submit a sample to Symantec:

    https://submit.symantec.com/websubmit/retail.cgi

    See this thread also:

    https://www-secure.symantec.com/connect/forums/cryptodefense-can-sep-detect-and-stop-it



  • 6.  RE: Client been infected by BitCrypt v2.0 cryptovirus

    Posted Apr 22, 2014 04:16 AM

    Hi James,

     

    It is a new variant; however, my thumb drive seems to be encrypted as well.

    Currently I am trying another alternative. Will update you all, as this seems interesting.



  • 7.  RE: Client been infected by BitCrypt v2.0 cryptovirus

    Posted Apr 22, 2014 06:20 AM

    Do you have a backup? If not, chances are you won't be able to get your files back.

    Security Response recommendations for Symantec Endpoint Protection 12.1 settings



  • 8.  RE: Client been infected by BitCrypt v2.0 cryptovirus

    Posted Apr 22, 2014 07:22 AM

    My laptop is infected by the BitCrypt v2.0 cryptovirus,

    and this virus changes all document file extensions, like jag.bitcrypt2, doc.bitcrypt2; PDF and Excel files also change extension. So, is there any solution?

    I am waiting for a response.

     

    Regards,

    Shailesh



  • 9.  RE: Client been infected by BitCrypt v2.0 cryptovirus

    Posted Apr 22, 2014 08:09 AM

    Do you have a backup of your files? If not, they are most likely gone unless you pay the ransom (NOT recommended).



  • 10.  RE: Client been infected by BitCrypt v2.0 cryptovirus

    Posted Apr 22, 2014 09:55 PM

    Hi Brian,

     

    This ransomware hit us all of a sudden; currently all files cannot be saved. The whole system needs to be formatted.



  • 11.  RE: Client been infected by BitCrypt v2.0 cryptovirus

    Posted Apr 22, 2014 09:58 PM

    Hi,

     

    Currently still working with Symantec local support on forensics for the infected host. As for my case, we had to format the system; we had no other choice.

     

    Thanks



  • 12.  RE: Client been infected by BitCrypt v2.0 cryptovirus

    Posted Apr 22, 2014 10:02 PM

    Hi Brian,

    I had checked a few websites and blogs; many of them did pay the ransom, but the worst part is that the files were not even decrypted even after they had paid.

    Currently I think we need to gather such/similar cases and forward them to Symantec in order to get the root cause. Currently we still have no idea of the infection vector.

    Did your end face a similar issue?



  • 13.  RE: Client been infected by BitCrypt v2.0 cryptovirus

    Posted Apr 22, 2014 10:06 PM

    Have not had an actual infection yet, although our layered security approach using SEP has stopped attempts.



  • 14.  RE: Client been infected by BitCrypt v2.0 cryptovirus

    Posted Apr 23, 2014 06:08 AM

    Hi chhowa,

    Once they are found, please do submit the files which were responsible for the encrypting.  This will not be able to reverse the sabotage, but it will enable Symantec to create protection against this new variant and save additional computers from falling victim.

    Many thanks!

    Mick



  • 15.  RE: Client been infected by BitCrypt v2.0 cryptovirus

    Posted May 13, 2014 10:22 PM

    Hi All,

    Update for this thread. Our local Symantec support has done forensics on this infected PC but is as yet unable to get the source file. Currently still waiting for the next instruction from local Symantec support.



  • 16.  RE: Client been infected by BitCrypt v2.0 cryptovirus

    Posted May 14, 2014 04:34 AM

    Hi chhowa,

    Many thanks for the post.  Please do continue to keep the thread up-to-date, and take measures to ensure the other computers are secure.

    The Day After: Necessary Steps after a Virus Outbreak
    https://www-secure.symantec.com/connect/articles/day-after-necessary-steps-after-virus-outbreak

     

    All the best,

     

    Mick



  • 17.  RE: Client been infected by BitCrypt v2.0 cryptovirus

    Posted May 19, 2014 04:45 AM

    Hi again,

    Just adding a note: Symantec has broken out a new detection for this variant. The following definitions cover CryptoWall and BitCrypt.

    Trojan.Ransomcrypt.I

    http://www.symantec.com/security_response/writeup.jsp?docid=2014-051514-5659-99