I have many consultant stories of ransomware nailing clients with software restriction policies in place - especially the web cocktail variants.

AppLocker/whitelisting = Enterprise SKUs. Which I hardly ever see in my space, nor does the customer base afford the time and effort.

Great if you have the budget to do it, sucks if you don't have the licenses and infrastructure.

On 7/3/2015 11:54 AM, Jonathan Link wrote:
I was posting from my phone in a hurry, DYAC. Software Restriction, not proper pixies.

Susan, I haven't seen an executable run in any location that has been blocked by SRP. If you have a very narrow whitelist, it helps a lot.

On Fri, Jul 3, 2015 at 2:02 PM, Jonathan Link wrote:

    You can also use proper pixies to restrict where software can run.
    I've blocked the user profile folder and added an exception for
    the desktop and a couple of other places that I can't recall.
    Users have to move downloaded apps to their desktop to install. I
    haven't had a Cryptowall infection in 2 years.

    On Friday, July 3, 2015, Susan Bradley wrote:

        It changes so fast that as soon as they do the bad guys code
        up something new.

        There's no silver bullet here.

        Silverlight/flash/java.  Use it, patch it or lose it.

        Web filtering at the firewall.  If your firewall doesn't
        provide web filtering/UTM options it's time to upgrade.  Home
        users look at OpenDNS (yes even now that Cisco is buying them)

        Filter attachments/zips.

        Least priv/non admin.

        Block the app location (yes this impacts firefox and office
        installs)  Google foolishit for non domain or cryptolocker
        group policy toolkit

        Education to your users that that email you got isn't a legit
        email.

        On 7/3/2015 10:09 AM, David McSpadden wrote:

        Quick, anyone know of a VirusScanning software that is
        catching CryptoWall 3.0 yet?

        *David McSpadden*

        Systems Administrator

        Indiana Members Credit Union

        P: 317.554.8190 | F: 317.554.8106
