Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Generic User Avatar

Operation Tovar a success, but is it really Gameover for CryptoLocker?


  • Please log in to reply
23 replies to this topic

#16 TsVk!

TsVk!

    penguin farmer


  •  Avatar image
  • Members
  • 6,938 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:07:50 PM

Posted 05 June 2014 - 06:50 PM

I started sending out fake fishing emails to employees to learn who the random clickers were and help teach people to avoid bad emails and html links etc.

That's a brilliant idea. Consider it pilfered, thanks.

I wish I could setup all users on a guest account but currently the way this company works, they need admin rights to install software on the road.

What we did is create a 'safe.exe' folder. So the user knows if they want to install something they have to put it in there to run it (only specific users have this folder). All other executables are blocked from everywhere on all Windows systems (except program files etc.) by group policy. What this means is the main mechanism of malware installation is blocked. Also, our firewall blocks all outbound connections not on port 80 (with specific exceptions), so even if malware does somehow run it never gets a chance to connect with its C'n'C. It's been a year since our last infection, on more than 100 Windows installations.

 

I'm still not letting this be the end of it, working for some time to get a NIDS operating smoothly enough to start the NIPS features.


Edited by TsVk!, 05 June 2014 - 07:09 PM.


BC AdBot (Login to Remove)

 


#17 Paul_L

Paul_L

  •  Avatar image
  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hudson Valley, NY, IBM country!
  • Local time:05:50 AM

Posted 06 June 2014 - 03:15 AM

What is the best free protection. ....... Any ideas or help gratefully accepted, thanx TC

 

You want ideas ...........

 

STOP CLICKING ON STUFF IN YOUR EMAILS!

 

MAKE FILE BACKUPS TO USB DRIVES AND THEN UNPLUG THEM! (Try Robocopy. It comes with Win 7.)

 

STOP BROWSING TO QUESTIONABLE SITES!



#18 TsVk!

TsVk!

    penguin farmer


  •  Avatar image
  • Members
  • 6,938 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:07:50 PM

Posted 06 June 2014 - 03:32 AM

But we like our questionable sites... lol



#19 buddy215

buddy215

  •  Avatar image
  • Moderator
  • 20,598 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:03:50 AM

Posted 06 June 2014 - 05:58 AM

Cisco is reporting that it has uncovered the use of malvertising to distribute this type of malware.

The malvertising is on some of the most popular websites....of course.

Users click on the ad...they're taken to another hacked website....if they have an exploitable version of

Flash, Java or Silverlight...then...gotcha.

 

SOURCE: Malicious advertisements on major websites lead to ransomware | PCWorld

 

We-are-all-vulnerable.jpg

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
If we are to have another contest in the near future of our national existence, I predict that the dividing line will not be Mason and Dixon’s, but between patriotism and intelligence on the one side, and superstition, ambition, and ignorance on the other. Ulysses S. Grant...Republican president who correctly predicted the cause of Trump's attempted coup.

 

 


#20 zingo156

zingo156

  •  Avatar image
  • Helper Emeritus
  • 3,345 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:50 AM

Posted 06 June 2014 - 07:28 AM

 

I started sending out fake fishing emails to employees to learn who the random clickers were and help teach people to avoid bad emails and html links etc.

That's a brilliant idea. Consider it pilfered, thanks.

I wish I could setup all users on a guest account but currently the way this company works, they need admin rights to install software on the road.

What we did is create a 'safe.exe' folder. So the user knows if they want to install something they have to put it in there to run it (only specific users have this folder). All other executables are blocked from everywhere on all Windows systems (except program files etc.) by group policy. What this means is the main mechanism of malware installation is blocked. Also, our firewall blocks all outbound connections not on port 80 (with specific exceptions), so even if malware does somehow run it never gets a chance to connect with its C'n'C. It's been a year since our last infection, on more than 100 Windows installations.

 

I'm still not letting this be the end of it, working for some time to get a NIDS operating smoothly enough to start the NIPS features.

 

Good ideas TsVK! I didn't think about setting up a safe *.exe folder. I don't know if the users could remember they always have to move exe's to that specific folder to install things but I suppose I could handle a few more calls a day: saftey first. Blocking outbound is a good idea as well but we are in an industry where the computers connect to very specific machines with varrying ports. Most of the time people disable the firewall because they get so many pop-ups about letting a connection through.

 

 

 

Cisco is reporting that it has uncovered the use of malvertising to distribute this type of malware.

The malvertising is on some of the most popular websites....of course.

Users click on the ad...they're taken to another hacked website....if they have an exploitable version of

Flash, Java or Silverlight...then...gotcha.

 

SOURCE: Malicious advertisements on major websites lead to ransomware | PCWorld

 

We-are-all-vulnerable.jpg

 

This is one of the main reasons I personally use ad-block and no script in firefox (I do let some ads in on sites I support this site for example you just have to manually allow the sites you support). I have no anti-virus and have yet to be infected in the last 5 years of using all of my windows based machines. I also have a custom router software/firewall running shibby's version of tomato with blacklists etc. This was a recent addition and I have also added a similar router where I work. It is great with network monitoring by IP etc.


Edited by zingo156, 06 June 2014 - 12:57 PM.

If I am helping you with a problem and I have not responded within 48 hours please send me a PM.

#21 Netghost56

Netghost56

  •  Avatar image
  • Members
  • 976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:03:50 AM

Posted 06 June 2014 - 12:35 PM

 

STOP CLICKING ON STUFF IN YOUR EMAILS!

 

STOP BROWSING TO QUESTIONABLE SITES!

 

In a perfect world, maybe...but this will never happen LOL

 

With my clients I've had pretty good success with AVG or MSE coupled with MBAM.



#22 zingo156

zingo156

  •  Avatar image
  • Helper Emeritus
  • 3,345 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:50 AM

Posted 06 June 2014 - 12:58 PM

I agree, MSE and MBAM. This has been pretty reliable for me as well. Many people downtalk MSE but it's free so I can't say anthing bad about it right?


If I am helping you with a problem and I have not responded within 48 hours please send me a PM.

#23 TsVk!

TsVk!

    penguin farmer


  •  Avatar image
  • Members
  • 6,938 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:07:50 PM

Posted 06 June 2014 - 03:38 PM


Good ideas TsVK! I didn't think about setting up a safe *.exe folder. I don't know if the users could remember they always have to move exe's to that specific folder to install things but I suppose I could handle a few more calls a day: saftey first. Blocking outbound is a good idea as well but we are in an industry where the computers connect to very specific machines with varrying ports. Most of the time people disable the firewall because they get so many pop-ups about letting a connection through.

 

 

 

Cisco is reporting that it has uncovered the use of malvertising to distribute this type of malware.

The malvertising is on some of the most popular websites....of course.

Users click on the ad...they're taken to another hacked website....if they have an exploitable version of

Flash, Java or Silverlight...then...gotcha.

 

SOURCE: Malicious advertisements on major websites lead to ransomware | PCWorld

 

We-are-all-vulnerable.jpg

 

This is one of the main reasons I personally use ad-block and no script in firefox (I do let some ads in on sites I support this site for example you just have to manually allow the sites you support). I have no anti-virus and have yet to be infected in the last 5 years of using all of my windows based machines. I also have a custom router software/firewall running shibby's version of tomato with blacklists etc. This was a recent addition and I have also added a similar router where I work. It is great with network monitoring by IP etc.

 

I work in an industrial industry also with many specific machines, it took a while of fiddling to get the firewall right so everything worked properly.

 

We use M0n0wall at my workplace, it has taken some time to configure but the reward has been worth it... At home I used to use Comodo but now I just use Windows firewall. I just go to the same sites generally anyhow. I don't use social media or click ads, so I consider it enough.



#24 Exile9784

Exile9784

  •  Avatar image
  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:50 AM

Posted 21 June 2014 - 11:21 PM

there was once a thread on this website about CryptoStorage which is from a company called InfoWatch, which I'm guessing falls in the same category of Cryptolocker although not from the same maker, but instead of locking your files its collects information about you


Edited by Exile9784, 21 June 2014 - 11:25 PM.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users