Question about CryptoLocker

How do you manage to ensure your backup devices do not stay connected to your servers?

For NAS devices, delete mapped drives or just allow read only. Specify specific user credentials within your backup software.

DAS or USB drives that get rotated offsite, no change. I have a couple of customers that have DAS or USB that don't get rotated. I am looking for suggestions and have let the customer know they are currently vulnerable. One bought a NAS. Suggestions anyone?
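One way to check the "delete mapped drives or just allow read only" rule from a Linux backup host, as an added example that is not code from any poster here: it audits /proc/mounts-style lines and flags backup targets still mounted read-write (mount lines, share names and target paths below are constructed).

```python
# Added example (not from any poster in this thread): audits /proc/mounts-style
# lines against the rule above, namely that a backup target should be either
# unmapped or mounted read-only outside the backup window. Sample lines below
# are constructed, not captured from a real host.

NETWORK_FS = {"cifs", "smb3", "nfs", "nfs4"}


def parse_mounts(lines):
    """Parse 'device mountpoint fstype options dump pass' lines into a dict
    keyed by mountpoint, ignoring blank or malformed lines."""
    mounted = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        _device, mountpoint, fstype, options = parts[:4]
        mounted[mountpoint] = (fstype, set(options.split(",")))
    return mounted


def audit_backup_mounts(lines, backup_targets):
    """Return (mountpoint, fstype, problem) for each exposed backup target.

    Not mounted: fine, the device is disconnected. Mounted 'ro': fine, the
    host cannot overwrite it. Mounted 'rw': flagged, since anything that
    encrypts files on the host can also reach the backup copies.
    """
    mounted = parse_mounts(lines)
    findings = []
    for target in backup_targets:
        if target not in mounted:
            continue
        fstype, opts = mounted[target]
        if "ro" in opts:
            continue
        kind = "network share" if fstype in NETWORK_FS else "local volume"
        findings.append((target, fstype, f"backup {kind} left mounted rw"))
    return findings


SAMPLE_MOUNTS = [  # constructed sample input
    "//nas01/backups /mnt/nas-backup cifs rw,relatime,vers=3.0,username=backupsvc 0 0",
    "//nas01/archive /mnt/nas-archive cifs ro,relatime,vers=3.0 0 0",
    "/dev/sdb1 /mnt/usb-rotate ext4 rw,relatime 0 0",
]
BACKUP_TARGETS = ["/mnt/nas-backup", "/mnt/nas-archive", "/mnt/usb-rotate", "/mnt/das-offsite"]

if __name__ == "__main__":
    for mountpoint, fstype, problem in audit_backup_mounts(SAMPLE_MOUNTS, BACKUP_TARGETS):
        print(f"{mountpoint} ({fstype}): {problem}")
```

On a real host, feed it `open("/proc/mounts").read().splitlines()` and the paths your backup software writes to.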

What backup systems are you using?

Mostly FreeNAS and ShadowProtect. I just signed up with Datto but have not deployed any boxes yet. They tell me they use ZFS and snapshot in their boxes. For cloud backup, mostly JungleDisk.
 
Do we know for sure the most common way it is getting in?

I know that my client who got zapped opened a .zip file.

Would it make sense to block all .zip files on the client's Exchange or hosted spam filter? Or is this getting through another way?

I think that zip files are uncommon enough that any inconvenience would be worth the security.
And was there a .exe file that they double clicked once they unzipped it?
 
Dammit SAG, you done found me out! Guess I better hurry and catch that plane to Belize. I wonder if John McAfee's old place is still available? :D
You're from Western Kentucky though, I grew up in Eastern (Breathitt)... I still have trouble trying to figure out what some of my family members are saying. :confused:
 
You're from Western Kentucky though, I grew up in Eastern (Breathitt)... I still have trouble trying to figure out what some of my family members are saying. :confused:

Louisville is as far west as I can lay claims to. Currently residing in Rockcastle County. I also spent several years just outside of Corbin... and yeah, there have been times when I almost needed a translator... occasionally resulting in some somewhat humorous miscommunications. :)
 
He's probably one of the 12 Kazakhstan IP addresses seen by the sinkhole: http://www.checkpoint.com/threatcloud-central/articles/index.html

Would be hilarious if I guessed right.

"In order to measure the scope and velocity of Cryptolocker in the wild, the Check Point malware researchers deployed a live Internet server and registered several of the pre-computed domains, expected to be used by the malware."

Huh? I'm confused. How do you register domains for this purpose? Wouldn't they already be registered by the bad guys?
 
"In order to measure the scope and velocity of Cryptolocker in the wild, the Check Point malware researchers deployed a live Internet server and registered several of the pre-computed domains, expected to be used by the malware."

Huh? I'm confused. How do you register domains for this purpose? Wouldn't they already be registered by the bad guys?

I'm sure they register a few in advance, but I doubt they do months in advance.
 