
Rules or filters to detect Cryptowall 3.0

We are trying to put some practices in place to protect better against Cryptowall 3.0. Has anyone used the KACE K1000 to assist with your protection or detection of infected machines such as rules to detect the software AFTER install but BEFORE the encryption occurs? I have written a rule that detects the evidence of the program on a PC, but not before the damage is beginning. Thanks for any info the group can lend. I appreciate it very much. - Jason


Answers (2)

Posted by: SMal.tmcc 9 years ago
Red Belt
1
I had it on one machine at the non-profit I do IT work for and it took only 5-10 minutes after the CEO opened the email for the payload to carry out its encryption. By the time he realized it, it was too late. The only way to stop something that spreads that fast is to not allow it to execute.
Posted by: pcooper 7 years ago
Senior White Belt
0
I created an open source program to audit file shares and detect ransomware in file shares: https://ransomwaredetectionservice.codeplex.com/. This program will give you the file owner of any ransomware created files. I use Kace to find the computer that the user/file owner was logged into. I shut down the computer and reimage it.
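
The share-audit step described in the answer above, as an added PowerShell example (not part of the original thread and not code from the linked project): it lists recently written files on a share whose names match ransom-note patterns and groups them by NTFS owner. The UNC path and the name pattern are placeholders, and the parameter names are assumptions of this example.

```powershell
# Added example: find recently written files on a share that match ransom-note
# name patterns and report them per file owner.
# $SharePath and $NotePatterns are placeholders; take the real note names from
# your AV vendor's write-up of the family you are hunting.
param(
    [string]   $SharePath     = '\\FILESERVER\Share',        # placeholder UNC path
    [string[]] $NotePatterns  = @('EXAMPLE_RANSOM_NOTE.*'),  # placeholder pattern
    [int]      $LookbackHours = 24
)

$since = (Get-Date).AddHours(-$LookbackHours)

$hits = Get-ChildItem -Path $SharePath -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object {
        $name = $_.Name
        # Keep files written inside the window whose name matches any pattern.
        $_.LastWriteTime -ge $since -and
            ($NotePatterns | Where-Object { $name -like $_ })
    } |
    ForEach-Object {
        # The NTFS owner is normally the account that created the file.
        try   { $owner = (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner }
        catch { $owner = 'UNKNOWN' }   # ACL unreadable (access denied, file gone)
        [pscustomobject]@{
            Owner     = $owner
            Path      = $_.FullName
            WrittenAt = $_.LastWriteTime
        }
    }

# One row per owner: how many matching files, when they appeared, and where first.
$hits | Group-Object Owner | Sort-Object Count -Descending | ForEach-Object {
    $sorted = @($_.Group | Sort-Object WrittenAt)
    [pscustomobject]@{
        Owner     = $_.Name
        Files     = $_.Count
        FirstSeen = $sorted[0].WrittenAt
        LastSeen  = $sorted[-1].WrittenAt
        FirstPath = $sorted[0].Path
    }
}
```

The owner account in the output is the value to look up in the inventory system to find the machine that user was logged into.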
 