http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit-updates/
Yup, you find out which vendors have really bad updating strategies.
On 2/27/2014 12:03 PM, Ryan Shugart wrote:
I actually have a test GPO to implement this, thanks. The concern we're having
is just what needs to be whitelisted and the process in finding that out. It
won't be fun, some not very smart software sticks executables into the
%appdata% folder and runs from there, such as Java updates, for example.
Ryan
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Susan Bradley
Sent: Thursday, February 27, 2014 12:52 PM
To: [email protected]
Subject: Re: [NTSysADM] RE: Cryptolocker
Software restriction policies.
Ignore the url the concepts are valid
http://www.foolishit.com/vb6-projects/cryptoprevent/
And yes it can also be done with group policy.
I've never seen antivirus actually protect anyone. I've seen a/v
vendors say they have protection but they are always one step behind
because it's really not a virus, it's a program that launches encryption
on your system.
Encryption is not a virus.
On 2/27/2014 11:36 AM, Ziots, Edward wrote:
AV isn’t going to detect advanced malware like CryptoLocker.
As a start I would do a egress filter trust to untrust for these IP’s.
https://discussions.nessus.org/thread/6799
The most
recent alert I saw yesterday came from the Center for Internet
Security <http://www.cisecurity.org/>. In their advisory,
they listed the following IPs as being associated with the network
activity:
144.76.192.130
192.155.83.72
212.2.227.70
95.59.26.43
162.243.66.243
162.243.70.51
166.78.144.80
192.210.230.39
194.28.174.119
195.22.26.231
195.22.26.252
195.22.26.253
195.22.26.254
212.71.250.4
50.116.8.191
69.61.18.148
74.91.124.113
86.124.164.25
87.255.51.229
93.189.44.187
95.211.172.143
96.43.141.186
Are your 3^rd party software on the endpoints up to date?
Z
Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
[email protected] <mailto:[email protected]>
Work:401-255-2497
This electronic message and any attachments may be privileged and
confidential and protected from disclosure. If you are reading this
message, but are not the intended recipient, nor an employee or agent
responsible for delivering this message to the intended recipient, you
are hereby notified that you are strictly prohibited from copying,
printing, forwarding or otherwise disseminating this communication. If
you have received this communication in error, please immediately
notify the sender by replying to the message. Then, delete the message
from your computer. Thank you.
//
*From:*[email protected]
[mailto:[email protected]] *On Behalf Of *Ryan Shugart
*Sent:* Thursday, February 27, 2014 2:27 PM
*To:* [email protected]
*Subject:* [NTSysADM] Cryptolocker
Hi:
We’ve been plagued with Cryptolocker for the past several months, just
two infections yesterday. We’re running McAfee 8.8 with the latest
DATs and its just not finding this virus in time. If anyone is using
an antivirus solution that does detect this, can you let us know?
We’re interested in a possible switch.
Thanks.
Ryan
Ryan Shugart
LAN Administrator
MiTek USA, MiTek Denver
314-851-7414
© COPYRIGHT, MITEK HOLDINGS, INC., 2011-2013, ALL RIGHTS RESERVED
_ ________________________________ _
This communication (including any attachments) contains information
which is confidential and may also be privileged. It is for the
exclusive use of the intended recipient(s). If you are not the
intended recipient(s), please note that any distribution, copying, or
use of this communication or the information in it is strictly
prohibited. If you have received this communication in error, please
notify the sender immediately and then destroy any copies of it.
--
Got your CryptoLocker prevention in place?
http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit-updates/
Only two more patching days of XP.... are you ready?
© COPYRIGHT, MITEK HOLDINGS, INC., 2011-2013, ALL RIGHTS RESERVED
________________________________
This communication (including any attachments) contains information which is
confidential and may also be privileged. It is for the exclusive use of the
intended recipient(s). If you are not the intended recipient(s), please note
that any distribution, copying, or use of this communication or the information
in it is strictly prohibited. If you have received this communication in error,
please notify the sender immediately and then destroy any copies of it.
--
Got your CryptoLocker prevention in place?
http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit-updates/
Only two more patching days of XP.... are you ready?
