Rules or filters to detect Cryptowall 3.0
We are trying to put some practices in place to protect better against Cryptowall 3.0. Has anyone used the KACE K1000 to assist with your protection or detection of infected machines, such as rules to detect the software AFTER install but BEFORE the encryption occurs? I have written a rule that detects the evidence of the program on a PC, but not before the damage begins. Thanks for any info the group can lend. I appreciate it very much. - Jason
Community Chosen Answer
I had it on one machine at the non-profit I do IT work for and it took only 5-10 minutes after the CEO opened the email for the payload to carry out its encryption. By the time he realized it, it was too late. The only way to stop something that spreads that fast is to not allow it to execute.
Answered 02/04/2015 by: SMal.tmcc