It hit our network and spread to mapped drives. Decrypt files show up on several excel; word; and pdf files.


The machines hit were running Intune Endpoint Protection but we are phasing that out and currently installing Symantec Endpoint Protection in its place.


I'm wondering if the IPS component of SEP would help stop this type of attack? I've read mixed reviews on this component.

0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Answers

0

Maybe a little late to answer the question, my apologies I just registered one a couple of days ago.

We had also to deal with the same incident and unfortunately we had to use backups to recover lost files.

But, did you give a try to AppLocker?

Once I will have implemented it I can provide you with some feedback.

According to what I read on Internet, some configured file screening on file their servers to prevent cryptolocker. I did not try it though.

Answered 08/23/2016 by: Yoplay
White Belt

Please log in to comment
0
We had a similar incident and Microsoft Endpoint didn't protect us. Fortunately we were able to recover the network files from backups, but files on desktops were lost. We now backup more desktops but not everyone has that system installed.
Answered 09/18/2015 by: chucksteel
Red Belt

Please log in to comment
0
We've been hit by this several times and have also relied on backups to recover data. Microsoft Forefront did not protect us. We are working on phasing that out, but you may want to look into a good Anti-Exploit program if SEP does not protect against it. These seem to be where all of the crypto stuff is coming from.
Answered 09/21/2015 by: ethomson
White Belt

Please log in to comment
Answer this question or Comment on this question for clarity