I mentioned admin rights, yes.
But isn't the issue that the ransomware gets an elevated privilege from 
something that is not patched or securely set up?
AppLocker will be great when I get to put Enterprise versions of the OS on 
all our PCs, but until then patching and secure setup is all I have to go by.

From: [email protected] On Behalf Of James Rankin
Sent: Wednesday, June 15, 2016 10:31 AM
To: [email protected]
Subject: [NTSysADM] RE: Owned by Crypz

Precisely....just access to files

From: [email protected] On Behalf Of Kennedy, Jim
Sent: 15 June 2016 15:21
To: [email protected]
Subject: [NTSysADM] RE: Owned by Crypz

The ransomwares don't need admin rights to ruin your day.

From: [email protected] On Behalf Of David McSpadden
Sent: Wednesday, June 15, 2016 10:17 AM
To: [email protected]
Subject: [NTSysADM] RE: Owned by Crypz

So is Flash updated/uninstalled, Java up to date, macros disabled, virus scan 
up to date, local admin rights disabled?
How are the three clients all installing and executing the Crypz after it has 
been allowed admin access to the PC?


From: [email protected] On Behalf Of Kelsey, John
Sent: Wednesday, June 15, 2016 10:00 AM
To: [email protected]
Subject: [NTSysADM] RE: Owned by Crypz

One was a URL in an email that was obvious spam, but the user thought she 
really did sign up for the Women's Justice League of America.

One appears to have come from a website, and the other is unknown... the user 
hasn't fessed up to any specific activity.

From: [email protected] On Behalf Of Wolf, Daniel
Sent: Tuesday, June 14, 2016 1:39 PM
To: [email protected]
Subject: [NTSysADM] RE: Owned by Crypz

What's the infection vector? What are people doing to get it?

From: [email protected] On Behalf Of Kelsey, John
Sent: Tuesday, June 14, 2016 12:30 PM
To: [email protected]
Subject: [NTSysADM] Owned by Crypz

Anybody else getting crushed by the Crypz virus/ransomware?  We've been hit 3 
times in the last 3 days.  Our Sophos email appliance isn't catching it, nor is 
the Sophos endpoint software... or our Cisco FireSight... or any other products we 
have on the perimeter.  :/

***************************************
John C. Kelsey
Penn Highlands Healthcare
*:  814.375.3073
*  :   814.375.4005
*:   [email protected]
***************************************


This email and any attached files are sensitive in nature and intended solely 
for the intended recipient(s). If you are not the named recipient you should 
not read, distribute, copy or alter this email. Any views or opinions expressed 
in this email are those of the author and do not represent those of Penn 
Highlands Healthcare or its affiliates.. Warning: Although precautions have 
been taken to make sure no viruses are present in this email, the company 
cannot accept responsibility for any loss or damage that arise from the use of 
this email or attachments.

This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.


Please consider the environment before printing this email.