AV isn’t going to detect advanced malware like CryptoLocker. As a start I would do an egress filter trust to untrust for these IPs.
https://discussions.nessus.org/thread/6799

The most recent alert I saw yesterday came from the Center for Internet Security <http://www.cisecurity.org/>. In their advisory, they listed the following IPs as being associated with the network activity.

Is your 3rd party software on the endpoints up to date?

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization

From: [email protected] On Behalf Of Ryan Shugart
Sent: Thursday, February 27, 2014 2:27 PM
To: [email protected]
Subject: [NTSysADM] Cryptolocker

Hi:

We’ve been plagued with Cryptolocker for the past several months, just two infections yesterday. We’re running McAfee 8.8 with the latest DATs and it’s just not finding this virus in time. If anyone is using an antivirus solution that does detect this, can you let us know? We’re interested in a possible switch.

Thanks.

Ryan

Ryan Shugart
LAN Administrator
MiTek USA, MiTek Denver

