Thread: Anyone ran into this before?
10-23-15, 11:12 AM #1
Anyone ran into this before?
Ok, so I get a call early this morning about one of our clients thinking they have a virus.
So I open my computer before taking my shower and take a quick look.....
and I find that they are infected with CryptoWall 3.0. Just great.
Now I am at their place of business and I have to clean up their PC and investigate everyone else for being infected as well.
The worst part: they had mapped network drives, and a couple of terabytes of files are gone on the file servers.....
What a horrible day.
10-23-15, 11:14 AM #2
Re: Anyone ran into this before?
Yup, it's encrypting ransomware. Take the shared server down immediately. Clean/remove the malware from the machine, preferably via a reimage, to make sure it's gone. Restore the missing data from backups or shadow copies. The data isn't missing; it's been encrypted, and unless you pay the ransom demand it won't decrypt. It's a nasty one.
Last edited by Phyrelight; 10-23-15 at 11:20 AM.
10-23-15, 11:17 AM #3
Re: Anyone ran into this before?
Oh, DO NOT pay the ransom....that should be obvious. The only way to be completely sure you are free of its hold is a complete reimage of every machine infected and a complete restore of the file share to a pre-infection state.
I don't trust 3rd party "cleaning tools" even if they claim they can decrypt CryptoWall 3.0 infections.
Sucks to be you today......
Last edited by Phyrelight; 10-23-15 at 11:23 AM.
10-23-15, 01:23 PM #5
Re: Anyone ran into this before?
Oh, I know exactly how this thing works......
Well, for the local machine I basically told the user: too bad, you lost all your files stored locally (about 18,000-some files).
For the network file shares we have backups (thank the heavens), but they lose two days of work for every employee in the company...... and they can't work until the restore is completed, which is going to take a day or more.
Luckily Trend Micro and Malwarebytes got rid of the infection. Now I just have to clean up all the encrypted files and get rid of the ransom files all over the place.
I also found the email that got the user infected. It had an attached Word document, and when it was opened, if you enabled macros, you were screwed.
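The cleanup step described above (find the ransom notes scattered through the share, work out which folders were hit, and size the restore before deleting anything) as an added Python example; it is not code from this thread. The HELP_DECRYPT note name, the magic-byte table and the entropy limit are assumptions to adjust to what the infected share actually shows.

```python
"""Triage sweep for a file share hit by CryptoWall-style ransomware.
Records ransom-note files, the directories they mark, and files that look
encrypted: a known type whose header is gone, or near-random bytes."""
import math
import os
from collections import Counter
from pathlib import Path

# Assumptions: CryptoWall 3.0 left original file names in place, so the
# ransom notes are the main marker; stems and magic bytes are a starting set.
NOTE_STEMS = {"HELP_DECRYPT"}
MAGIC = {".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".zip": b"PK\x03\x04",
         ".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8",
         ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0"}
HEAD_BYTES = 4096
ENTROPY_LIMIT = 7.5   # bits per byte; text, CSV and source sit well below
MIN_SIZE = 64         # too little data to judge entropy below this

def shannon_entropy(data: bytes) -> float:
    # 8.0 means every byte value is equally likely, as in ciphertext
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name: str, head: bytes) -> str:
    # 'note' for a ransom note, 'suspect' if the content looks encrypted
    path = Path(name)
    if path.stem.upper() in NOTE_STEMS:
        return "note"
    if len(head) < MIN_SIZE:
        return "ok"
    magic = MAGIC.get(path.suffix.lower())
    if magic is not None:                 # known type: its header must survive
        return "ok" if head.startswith(magic) else "suspect"
    return "suspect" if shannon_entropy(head) > ENTROPY_LIMIT else "ok"

def triage(root: str) -> dict:
    # earliest note mtime is a rough start time for the encryption run
    notes, suspect, first = [], [], None
    for dirpath, _, files in os.walk(root):
        for fname in files:
            p = Path(dirpath, fname)
            with open(p, "rb") as fh:
                verdict = classify(fname, fh.read(HEAD_BYTES))
            if verdict == "note":
                notes.append(p)
                mtime = p.stat().st_mtime
                first = mtime if first is None else min(first, mtime)
            elif verdict == "suspect":
                suspect.append(p)
    return {"notes": notes, "affected_dirs": sorted({n.parent for n in notes}),
            "suspect_files": suspect, "first_note_mtime": first}
```

Run `triage` against the mounted share (read-only) and compare `affected_dirs` with the backup set before deleting notes, since the notes are the only record of which folders the malware reached; expect compressed formats not in the table to show up as false positives.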
10-23-15, 01:29 PM #7
Re: Anyone ran into this before?
Sounds about right. Luckily, when we had to deal with it, our users didn't have documents stored locally. We remap everything but the desktop to the server. We were only down for as long as we were because we scanned the entire network before bringing the network shares back online, just to make sure it hadn't moved horizontally to another system.
We have imaging technology in place (thick-image MDT 2013 sticks that I made), so all desk-side machines were re-imaged and back online in less than 4 hours.
As a side note, since then we have 100% encryption of all devices. It's mandated from on high. Great side effect of being encrypted...these SOBs can't encrypt what's already encrypted. At least, not yet.
Last edited by Phyrelight; 10-23-15 at 01:31 PM.
10-23-15, 04:49 PM #8
Re: Anyone ran into this before?
enf - Jesus, it's been like 12 minutes and you're already worried about stats?! :-P
Bigdog - Sweet home Alabama, you are an idiot.
10-27-15, 02:56 AM #9
Re: Anyone ran into this before?
According to the FBI, you should have just paid the ransom.
The FBI Thinks Ransomware Victims Should 'Just Pay Up'
10-27-15, 09:50 AM #10
Re: Anyone ran into this before?
That's ironic, considering the special agent from the FBI who just did a security review at my university for IT staff last month strictly said don't pay.
That article is more of a "yes, let us know, but please be aware that the FBI can't get your files back"....... So if you contact them, just know that if you don't have backups you will end up having to pay the ransom if you need the files.
Last edited by Phyrelight; 10-27-15 at 09:54 AM.