Endpoint Protection

Endpoint did nothing. It came in a email as a word doc. on a fully updated and patched windows 8.1 workstation. We use office 365 and endpoint is upgraded to the latest and greatest. Microsoft had no answer on how this came through their email servers. I’m sure Symantec wont either. Crazy as this has been around for a year or more. Gonna have to make a change. Thank goodness I have good backups and its not symantec backup exec!

Ok, so what other components of SEP do you have enabled in addition to AV? I hope at a minimum the IPS component....

There's a ton of best practices out there if you're intested:

Support Perspective: CTB-Locker and other forms of Crypto malware

https://www-secure.symantec.com/connect/blogs/support-perspective-ctb-locker-and-other-forms-crypto-malware

Recovering Ransomlocked Files Using Built-In Windows Tools

https://www-secure.symantec.com/connect/articles/recovering-ransomlocked-files-using-built-windows-tools

Cryptolocker Q&A: Menace of the Year

https://www-secure.symantec.com/connect/blogs/cryptolocker-qa-menace-year

First Response to: Cryptolocker \ Ransomcrypt\ Encryptor

https://www-secure.symantec.com/connect/articles/first-response-cryptolocker-ransomcrypt-encryptor

The Day After: Necessary Steps after a Virus Outbreak

https://www-secure.symantec.com/connect/articles/day-after-necessary-steps-after-virus-outbreak

https://www-secure.symantec.com/connect/forums/cryptolockercryptodefense-defenses

https://www-secure.symantec.com/connect/forums/there-fixtool-recover-files-encrypted-ransomware

System Infected: Trojan.Cryptolocker

http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27046