Software Deployment Question

Rules or filters to detect Cryptowall 3.0

02/04/2015 2143 views
We are trying to put some practices in place to protect better against Cryptowall 3.0. Has anyone used the KACE K1000 to assist with your protection or detection of infected machines such as rules to detect the software AFTER install but BEFORE the encryption occurs? I have written a rule that detects the evidence of the program on a PC, but not before the damage is beginning. Thanks for any info the group can lend. I appreciate it very much. - Jason


Community Chosen Answer

I had it on one machine at the non-profit I do IT work for and it took only 5-10 minutes after the CEO opened the email for the payload to carry out its encryption. By the time he realized it, it was too late. The only way to stop something that spreads that fast is to not allow it to execute.
Answered 02/04/2015 by: SMal.tmcc
Red Belt

All Answers

I created an open source program to audit file shares and detect ransomware in file shares (https://ransomwaredetectionservice.codeplex.com/). This program will give you the file owner of any ransomware-created files. I use KACE to find the computer that the user/file owner was logged into. I shut down the computer and reimage it.
Answered 04/12/2016 by: pcooper
Senior White Belt
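
The share-audit step described in the answer above, as an added example that is not part of the original answer and is not the code of the program it links to: it walks a share, flags files whose names match ransom-note patterns, and groups them by file owner with the earliest modification time, so a responder knows which account to look up. Assumptions: the share is mounted on a POSIX host (on Windows the owner comes from the NTFS security descriptor instead), and the patterns are constructed placeholders, not real indicators.

```python
import fnmatch
import os
from collections import defaultdict

try:
    import pwd  # POSIX only; absent on Windows
except ImportError:
    pwd = None

# Constructed placeholder patterns; replace with note names from your own threat intel.
NOTE_PATTERNS = ["EXAMPLE_RANSOM_NOTE.*", "*.example_locked"]


def owner_name(uid):
    """Map a numeric uid to an account name, falling back to the uid itself."""
    if pwd is not None:
        try:
            return pwd.getpwuid(uid).pw_name
        except KeyError:
            pass  # uid with no local account, common on network mounts
    return str(uid)


def audit_share(root, patterns=NOTE_PATTERNS):
    """Walk root and group files matching patterns by owner.

    Returns {owner: {"count": n, "first_seen": earliest mtime, "dirs": set}}.
    """
    lowered = [p.lower() for p in patterns]
    findings = defaultdict(lambda: {"count": 0, "first_seen": None, "dirs": set()})
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if not any(fnmatch.fnmatchcase(name.lower(), p) for p in lowered):
                continue
            try:
                st = os.lstat(os.path.join(dirpath, name))  # do not follow symlinks
            except OSError:
                continue  # file removed or unreadable mid-scan
            entry = findings[owner_name(st.st_uid)]
            entry["count"] += 1
            entry["dirs"].add(dirpath)
            if entry["first_seen"] is None or st.st_mtime < entry["first_seen"]:
                entry["first_seen"] = st.st_mtime
    return dict(findings)


if __name__ == "__main__":
    import sys
    for owner, info in audit_share(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(owner, info["count"], info["first_seen"], sorted(info["dirs"]))
```

The earliest modification time per owner gives a starting point for the timeline when matching the account to a logged-in machine in the inventory system.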
