Tales from the CryptoLocker: Wrestling with ransomware.

[aztony]

A few weeks ago, I had someone in our customer service department open an email from a legitimate client that contained a .zip file. This wasn’t exactly normal correspondence, but it also wasn’t unusual to be contacted via email by this contact. Shortly after, I was called and informed it appeared we had a virus. They said a strange pop-up warning message came up and they couldn’t get rid of it.

“Please don't click anything anymore” I replied. I asked if it resembled our antivirus alerts or had any reference to our recently added web filter. They told me that less than a minute after the .zip file was opened, they got the 72-hour countdown screen from CryptoLocker stating that they needed to purchase the $300 encryption key or all data would be encrypted and useless.

I told the person to unplug the PC from the network, and I literally ran to my car, drove to the offsite facility and dashed inside! I powered it off and told him he would have to work from another station for the rest of his shift. I walked out with the infected piece of hardware under my arm in a full nelson.

Continue reading: http://community.spiceworks.com/topic/417412-tales-from-the-cryptolocker-wrestling-with-ransomware?utm_campaign=1209&utm_medium=spotlight&utm_source=swemail

 

[Littlebits]

Don't open suspicious files and you will not have to worry.
CryptoLocker will most definitely make the user learn what not to do.
After they loose all of their files they will probably want to be more careful and watch what they do from then on.

I have had customers with several infections on their system and simply don't even care and continue to make the exact same mistakes, this CryptoLocker will make them want to care after all their files are gone.

CryptoLocker might be the best lesson to learn how to safely download files.

Thanks.

 

[samit]

Don't open suspicious files and you will not have to worry.
CryptoLocker will most definitely make the user learn what not to do.
After they loose all of their files they will probably want to be more careful and watch what they do from then on.

I have had customers with several infections on their system and simply don't even care and continue to make the exact same mistakes, this CryptoLocker will make them want to care after all their files are gone.

CryptoLocker might be the best lesson to learn how to safely download files.

Thanks.

don't wanna do in a good way...lets do in a bad way

 

[aztony]

Don't open suspicious files and you will not have to worry.

Tough call to make by an employee in the context of this particular incident.

I had someone in our customer service department open an email from a legitimate client that contained a .zip file. This wasn’t exactly normal correspondence, but it also wasn’t unusual to be contacted via email by this contact.

 

[Littlebits]

Tough call to make by an employee in the context of this particular incident.

In that incident the employee had to do more than just open the zip file, the employee had to run an executable file which was not digitally signed, if he/she did this on Vista or newer Windows UAC and/or Windows Digital file warning would have notified them and the employee must have ignored the prompts and run the file anyway. If companies would train their employees, this would have not happened.
Most companies never get attachments with zipped executable files, usually only documents. That should have been the first sign that something wasn't right. All employees should know the difference between documents and executable files. The company should have their employees setup on a Limited User Account if they can train they employees properly. Most common office documents will open just fine on a Limited User Account but malicious executable files will not run. So the negligence lies on the company not the employee, for not taking safe guards.

Thanks.

 

[I'm Me]

In that incident the employee had to do more than just open the zip file, the employee had to run an executable file which was not digitally signed, if he/she did this on Vista or newer Windows UAC and/or Windows Digital file warning would have notified them and the employee must have ignored the prompts and run the file anyway. If companies would train their employees, this would have not happened.
Most companies never get attachments with zipped executable files, usually only documents. That should have been the first sign that something wasn't right. All employees should know the difference between documents and executable files. The company should have their employees setup on a Limited User Account if they can train they employees properly. Most common office documents will open just fine on a Limited User Account but malicious executable files will not run. So the negligence lies on the company not the employee, for not taking safe guards.

Thanks.

You really know your stuff, Littlebits!

Thanks for sharing that information. That is really good to know.