Whitelisting for the win...AppLocker is the obvious choice, there are many more products out there that can do it
From: [email protected] [mailto:[email protected]] On Behalf Of Kelsey, John Sent: 15 June 2016 15:00 To: '[email protected]' <[email protected]> Subject: [NTSysADM] RE: Owned by Crypz One was a URL in an email that was obvious spam, but the user thought she really did sign up for the Womens Justice League of America.. One appears to have come from a website, and the other is unknown..the user hasn't fessed up to any specific activity. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Wolf, Daniel Sent: Tuesday, June 14, 2016 1:39 PM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] RE: Owned by Crypz Potentially dangerous attachments were identified and removed from this message. If you believe this attachment is not dangerous and need it delivered, contact the helpdesk at x3070 or [email protected]<mailto:[email protected]>. What's the infection vector? What are people doing to get it? From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Kelsey, John Sent: Tuesday, June 14, 2016 12:30 PM To: '[email protected]' <[email protected]<mailto:[email protected]>> Subject: [NTSysADM] Owned by Crypz Anybody else getting crushed by the Crypz virus/ransomware? We've been hit 3 times in the last 3 days. Our Sophos email appliance isn't catching it, nor is the Sophos endpoint software..or our Cisco FireSight...or any other products we have on the perimeter. :/ *************************************** John C. Kelsey Penn Highlands Healthcare *: 814.375.3073 * : 814.375.4005 *: [email protected]<mailto:[email protected]> *************************************** [PHH ESig Logo 150dpi] This email and any attached files are sensitive in nature and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of Penn Highlands Healthcare or its affiliates.. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. This email and any attached files are sensitive in nature and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of Penn Highlands Healthcare or its affiliates.. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments.
