Thanks everyone. We're not 100% sure how it's getting in, but we think people are sending emails and our email provider isn't blocking them, then they come onto the network that way. We verified McAfee has the latest DATs on the infected machines, and we have Symantecs at all of our offices, and obviously none of that's helping. We're looking into the application whitelisting; that's just going to have to go through a lot of testing, especially with our developers, because I know they'll throw a fit from you know where if we block too much on their systems. On the other hand, this is just getting ridiculous, so something's going to have to give. Thanks again.

Ryan
From: [email protected] [mailto:[email protected]] On Behalf Of Ziots, Edward
Sent: Thursday, February 27, 2014 12:49 PM
To: [email protected]
Subject: RE: [NTSysADM] Cryptolocker

Cryptolocker is also getting dropped with the latest web exploit kits. If you can implement egress filtering via GEO-IP you can lower your attack surface by knocking out countries you have no reason to be talking with.

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]<mailto:[email protected]>
Work: 401-255-2497

This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you.

From: [email protected] [mailto:[email protected]] On Behalf Of Richard Stovall
Sent: Thursday, February 27, 2014 2:37 PM
To: [email protected]
Subject: Re: [NTSysADM] Cryptolocker

How is it getting in? We have (fingers crossed, wood sufficiently knocked) not been plagued by this yet. We have A/V on workstations, scan all traffic at the edge with a UTM firewall (SonicWall), and then e-mail is scanned again by a Barracuda before being delivered to Exchange. We also mandate security awareness training for all computer users (Stu's knowbe4.com<http://knowbe4.com>) and I have to say that people have really started paying attention to what they click on in e-mail. We run the phishing tests regularly and that has augmented the effectiveness of the training videos to a very large degree.

Good luck.
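Edward's GEO-IP egress filtering suggestion, worked through as an added example (not code from the thread or from any product mentioned in it): outbound flows are matched by longest prefix against a country table, destinations in countries without a business reason are denied, internal RFC 1918 traffic is left alone, and addresses with no geo data fail closed by default. The prefix table, the allowed-country set and the flow records are all constructed for illustration; a real deployment would load a GeoIP database and apply the policy at the firewall.

```python
import ipaddress
from typing import Iterable, Optional

# Constructed prefix-to-country table using documentation ranges (not real geolocation);
# a real deployment loads a GeoIP database instead of hard-coding prefixes.
GEO_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "DE"),
    (ipaddress.ip_network("198.51.100.128/25"), "RU"),  # more specific than the /24 above
    (ipaddress.ip_network("192.0.2.0/24"), "CN"),
]
ALLOWED_COUNTRIES = {"US", "DE", "GB"}  # countries the hypothetical org must talk to
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def country_for(ip: str) -> Optional[str]:
    """Longest-prefix match against GEO_TABLE; None when the address is unmapped."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, cc in GEO_TABLE:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, cc)
    return best[1] if best else None

def egress_decision(dst_ip: str, deny_unmapped: bool = True) -> tuple:
    """Return (action, reason) for an outbound connection to dst_ip."""
    addr = ipaddress.ip_address(dst_ip)
    if any(addr in net for net in INTERNAL):  # RFC 1918: internal, never geo-filtered
        return ("allow", "internal")
    cc = country_for(dst_ip)
    if cc is None:  # no geo data: fail closed by default, since database gaps are common
        return ("deny", "unmapped") if deny_unmapped else ("allow", "unmapped")
    return ("allow", cc) if cc in ALLOWED_COUNTRIES else ("deny", cc)

# Constructed outbound flow records: "src dst port"
FLOWS = """10.0.5.23 203.0.113.10 443
10.0.5.23 198.51.100.200 443
10.0.5.41 192.0.2.77 8080
10.0.5.41 10.0.9.4 445
10.0.5.41 100.64.0.1 443""".splitlines()

def evaluate_flows(lines: Iterable[str]) -> list:
    """Apply the policy to each flow; returns (dst, action, reason) per record."""
    results = []
    for line in lines:
        _src, dst, _port = line.split()
        action, reason = egress_decision(dst)
        results.append((dst, action, reason))
    return results
```

Note that the second flow is denied as RU even though its /24 is tagged DE: the more specific /25 wins, which is why longest-prefix matching matters when geo data is sub-allocated.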
On Thu, Feb 27, 2014 at 2:27 PM, Ryan Shugart <[email protected]<mailto:[email protected]>> wrote:

Hi:

We've been plagued with Cryptolocker for the past several months, just two infections yesterday. We're running McAfee 8.8 with the latest DATs and it's just not finding this virus in time. If anyone is using an antivirus solution that does detect this, can you let us know? We're interested in a possible switch.

Thanks.
Ryan

Ryan Shugart
LAN Administrator
MiTek USA, MiTek Denver
314-851-7414<tel:314-851-7414>

© COPYRIGHT, MITEK HOLDINGS, INC., 2011-2013, ALL RIGHTS RESERVED
________________________________
This communication (including any attachments) contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s), please note that any distribution, copying, or use of this communication or the information in it is strictly prohibited. If you have received this communication in error, please notify the sender immediately and then destroy any copies of it.