Operation Tovar a success, but is it really Gameover for CryptoLocker?

I started sending out fake fishing emails to employees to learn who the random clickers were and help teach people to avoid bad emails and html links etc.

That's a brilliant idea. Consider it pilfered, thanks.

I wish I could setup all users on a guest account but currently the way this company works, they need admin rights to install software on the road.

What we did is create a 'safe.exe' folder. So the user knows if they want to install something they have to put it in there to run it (only specific users have this folder). All other executables are blocked from everywhere on all Windows systems (except program files etc.) by group policy. What this means is the main mechanism of malware installation is blocked. Also, our firewall blocks all outbound connections not on port 80 (with specific exceptions), so even if malware does somehow run it never gets a chance to connect with its C'n'C. It's been a year since our last infection, on more than 100 Windows installations.

I'm still not letting this be the end of it, working for some time to get a NIDS operating smoothly enough to start the NIPS features.

Edited by TsVk!, 05 June 2014 - 07:09 PM.

What is the best free protection. ....... Any ideas or help gratefully accepted, thanx TC

You want ideas ...........

STOP CLICKING ON STUFF IN YOUR EMAILS!

MAKE FILE BACKUPS TO USB DRIVES AND THEN UNPLUG THEM! (Try Robocopy. It comes with Win 7.)

STOP BROWSING TO QUESTIONABLE SITES!

But we like our questionable sites... lol

Cisco is reporting that it has uncovered the use of malvertising to distribute this type of malware.

The malvertising is on some of the most popular websites....of course.

Users click on the ad...they're taken to another hacked website....if they have an exploitable version of

Flash, Java or Silverlight...then...gotcha.

SOURCE: Malicious advertisements on major websites lead to ransomware | PCWorld

 

I started sending out fake fishing emails to employees to learn who the random clickers were and help teach people to avoid bad emails and html links etc.

That's a brilliant idea. Consider it pilfered, thanks.

I wish I could setup all users on a guest account but currently the way this company works, they need admin rights to install software on the road.

What we did is create a 'safe.exe' folder. So the user knows if they want to install something they have to put it in there to run it (only specific users have this folder). All other executables are blocked from everywhere on all Windows systems (except program files etc.) by group policy. What this means is the main mechanism of malware installation is blocked. Also, our firewall blocks all outbound connections not on port 80 (with specific exceptions), so even if malware does somehow run it never gets a chance to connect with its C'n'C. It's been a year since our last infection, on more than 100 Windows installations.

 

I'm still not letting this be the end of it, working for some time to get a NIDS operating smoothly enough to start the NIPS features.

 

Good ideas TsVK! I didn't think about setting up a safe *.exe folder. I don't know if the users could remember they always have to move exe's to that specific folder to install things but I suppose I could handle a few more calls a day: saftey first. Blocking outbound is a good idea as well but we are in an industry where the computers connect to very specific machines with varrying ports. Most of the time people disable the firewall because they get so many pop-ups about letting a connection through.

 

Cisco is reporting that it has uncovered the use of malvertising to distribute this type of malware.

The malvertising is on some of the most popular websites....of course.

Users click on the ad...they're taken to another hacked website....if they have an exploitable version of

Flash, Java or Silverlight...then...gotcha.

 

SOURCE: Malicious advertisements on major websites lead to ransomware | PCWorld

 

 

This is one of the main reasons I personally use ad-block and no script in firefox (I do let some ads in on sites I support this site for example you just have to manually allow the sites you support). I have no anti-virus and have yet to be infected in the last 5 years of using all of my windows based machines. I also have a custom router software/firewall running shibby's version of tomato with blacklists etc. This was a recent addition and I have also added a similar router where I work. It is great with network monitoring by IP etc.

Edited by zingo156, 06 June 2014 - 12:57 PM.

 

STOP CLICKING ON STUFF IN YOUR EMAILS!

 

STOP BROWSING TO QUESTIONABLE SITES!

 

In a perfect world, maybe...but this will never happen LOL

With my clients I've had pretty good success with AVG or MSE coupled with MBAM.

I agree, MSE and MBAM. This has been pretty reliable for me as well. Many people downtalk MSE but it's free so I can't say anthing bad about it right?

Good ideas TsVK! I didn't think about setting up a safe *.exe folder. I don't know if the users could remember they always have to move exe's to that specific folder to install things but I suppose I could handle a few more calls a day: saftey first. Blocking outbound is a good idea as well but we are in an industry where the computers connect to very specific machines with varrying ports. Most of the time people disable the firewall because they get so many pop-ups about letting a connection through.

 

 

 

Cisco is reporting that it has uncovered the use of malvertising to distribute this type of malware.

The malvertising is on some of the most popular websites....of course.

Users click on the ad...they're taken to another hacked website....if they have an exploitable version of

Flash, Java or Silverlight...then...gotcha.

 

SOURCE: Malicious advertisements on major websites lead to ransomware | PCWorld

 

 

This is one of the main reasons I personally use ad-block and no script in firefox (I do let some ads in on sites I support this site for example you just have to manually allow the sites you support). I have no anti-virus and have yet to be infected in the last 5 years of using all of my windows based machines. I also have a custom router software/firewall running shibby's version of tomato with blacklists etc. This was a recent addition and I have also added a similar router where I work. It is great with network monitoring by IP etc.

 

I work in an industrial industry also with many specific machines, it took a while of fiddling to get the firewall right so everything worked properly.

We use M0n0wall at my workplace, it has taken some time to configure but the reward has been worth it... At home I used to use Comodo but now I just use Windows firewall. I just go to the same sites generally anyhow. I don't use social media or click ads, so I consider it enough.

there was once a thread on this website about CryptoStorage which is from a company called InfoWatch, which I'm guessing falls in the same category of Cryptolocker although not from the same maker, but instead of locking your files its collects information about you

Edited by Exile9784, 21 June 2014 - 11:25 PM.