We are trying to put some practices in place to protect better against Cryptowall 3.0. Has anyone used the KACE K1000 to assist with your protection or detection of infected machines such as rules to detect the software AFTER install but BEFORE the encryption occurs? I have written a rule that detects the evidence of the program on a PC, but not before the damage is beginning. Thanks for any info the group can lend. I appreciate it very much. - Jason

Community Chosen Answer

1
I had it on one machine at the non-profit I do IT work for and it took only 5-10 minutes after the CEO opened the email for the payload to carry out its encryption. By the time he realized it, it was too late. The only way to stop something that spreads that fast is to not allow it to execute.
Answered 02/04/2015 by: SMal.tmcc
Red Belt


Answers

0
I created an open source program to audit file shares and detect ransomware in file shares: https://ransomwaredetectionservice.codeplex.com/. This program will give you the file owner of any ransomware-created files. I use Kace to find the computer that the user/file owner was logged into. I shut down the computer and reimage it.
Answered 04/12/2016 by: pcooper
Senior White Belt
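
The share-audit idea from the answer above, as an added example (not from the thread and not the linked tool's code): it walks a share for ransom-note files, assumed here to be CryptoWall 3.0's HELP_DECRYPT.* notes, and groups them by NTFS owner so the account can be traced to a machine. The function name, the default pattern and the temp-folder demo data are assumptions made for illustration.

```powershell
# Added example; Find-RansomNoteOwner is a hypothetical helper, not part of any product.
function Find-RansomNoteOwner {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: CryptoWall 3.0 drops HELP_DECRYPT.TXT/.HTML/.PNG/.URL in each folder it hits.
        [string[]]$Patterns = @('HELP_DECRYPT.*')
    )

    # Collect every file whose name matches a ransom-note pattern, with its owner.
    $hits = Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.Name
            @($Patterns | Where-Object { $name -like $_ }).Count -gt 0
        } |
        ForEach-Object {
            # Owner lookup can fail on files the auditor cannot read; keep the hit anyway.
            $owner = try { (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner } catch { 'UNKNOWN' }
            [pscustomobject]@{
                Owner     = $owner
                Created   = $_.CreationTimeUtc
                Directory = $_.DirectoryName
            }
        }

    # One row per owner: how many notes, across how many folders, and the time window.
    $hits | Group-Object Owner | ForEach-Object {
        $sorted = @($_.Group | Sort-Object Created)
        [pscustomobject]@{
            Owner        = $_.Name
            Notes        = $_.Count
            Directories  = @($_.Group.Directory | Sort-Object -Unique).Count
            FirstSeenUtc = $sorted[0].Created
            LastSeenUtc  = $sorted[-1].Created
        }
    } | Sort-Object FirstSeenUtc
}

# Constructed demo data: a temp folder standing in for a file share.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'share-audit-demo'
New-Item -ItemType Directory -Path (Join-Path $demo 'finance') -Force | Out-Null
Set-Content -LiteralPath (Join-Path $demo 'finance\HELP_DECRYPT.TXT') -Value 'constructed sample'
Set-Content -LiteralPath (Join-Path $demo 'HELP_DECRYPT.HTML') -Value 'constructed sample'

Find-RansomNoteOwner -Path $demo | Format-Table -AutoSize
```

The earliest FirstSeenUtc row is the account to look up first; a growing Directories count for one owner between runs means encryption is still in progress.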
