Has anyone battled the cryptowall virus?

It hit our network and spread to mapped drives. Decrypt files show up on several excel; word; and pdf files.

The machines hit were running Intune Endpoint Protection but we are phasing that out and currently installing Symantec Endpoint Protection in its place.

I'm wondering if the IPS component of SEP would help stop this type of attack? I've read mixed reviews on this component.

0 Comments   [ + ] Show comments

Answers (3)

Posted by: Yoplay 4 years ago
White Belt

Maybe a little late to answer the question, my apologies I just registered one a couple of days ago.

We had also to deal with the same incident and unfortunately we had to use backups to recover lost files.

But, did you give a try to AppLocker?

Once I will have implemented it I can provide you with some feedback.

According to what I read on Internet, some configured file screening on file their servers to prevent cryptolocker. I did not try it though.

Posted by: chucksteel 5 years ago
Red Belt
We had a similar incident and Microsoft Endpoint didn't protect us. Fortunately we were able to recover the network files from backups, but files on desktops were lost. We now backup more desktops but not everyone has that system installed.
Posted by: ethomson 5 years ago
White Belt
We've been hit by this several times and have also relied on backups to recover data. Microsoft Forefront did not protect us. We are working on phasing that out, but you may want to look into a good Anti-Exploit program if SEP does not protect against it. These seem to be where all of the crypto stuff is coming from.
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ