How many of you have been hit with ransomware within the last 6 months?


(Michael McGovern) #1

Ever see Cryptmic? If so how did you stop it? What have you put in to protect yourself against ransomware?


(Scott Themer) #2

We have been hit with Cryptolocker a couple of times, but just once in the last 6 months. We get many emails from overseas customers and sometimes our folks click on something before realizing the email was not from a legitimate customer. User training and constant reminders help, but sometimes they “slip”. We do nightly backups as well as intermittent hourly, so we have not really lost more than an hour of work. Still a pain no matter how you look at it.


(Eric Loughead) #3

We have been hit once by locky…which thankfully was one of our remote users, so it only hit the local drives on the laptop and shared Dropbox folder.


(Paul Gill) #4

We have been hit by Cryptolocker twice in the last 6 months. We had to restore some files from backup on our file shares. And one workstation was just rebuilt because it was easier.

However, my prior employer, which was a regional hospital, was getting hit with various ransomware every other week. Some of them were large impacts with 20,000+ files encrypted.


#5

In reaction to the exponential increase in ransomware victims and types of cryptoviruses, many cybersecurity firms have released free anti-ransomware detection tools and decryption tools. A good place to start searching is here: https://www.nomoreransom.org


(David Sutton) #6

Have not seen Cryptmic but did have one computer get infected with locky about 6 months ago when they opened an attachment. I think it was a .zip file which are common attachments for us. And then another computer was infected with crypz about a month later. If I remember correctly it was a link in an email. This year we have focused on training all employees to think before clicking/opening. It has helped to show them examples of the different ways they can be infected. In fact a local TV station got infected when a producer clicked on what they thought was an Adobe Update link. They did a story about it and also on a local Doctor that got infected as well. So we use that 5 minute video as part of our Cyber Security Training.


(David Levin) #7

I have had one user get Locky, and another get Cryptolocker. In both cases I have just done format C: and got the users restarted a couple hours later. I have trained all users not to trust keeping data on their local machines. That is actually part of our new hire IT intro training. That as employees they are responsible to save data on the corporate servers, if it is on the notebook and the notebook gets lost, soda, TSA’ed, malwared, the data is gone. IT will replace with a new setup.

David


(Kev IT M) #8

We have not been hit, but I’m wondering if ransomware is in the general population that targets Apple Macintosh OSX?


(Chris Owen) #9

We’ve been seriously impacted on 3 different occasions in 2016 with local and network drive data encrypted. They were all the result of the neutrino exploit (https://www.sans.org/reading-room/whitepapers/detection/neutrino-exploit-kit-analysis-threat-indicators-36892), as a result of outdated Flash Player on workstations. This was at no fault of the end-user and was the single most important determinant in rolling out Windows 10, as Flash updates are now included in Windows updates. Since the upgrade, we see our users hit compromised websites 5 - 10 times per week, even with OpenDNS deployed, but have had no impact since our workstations are patched. There’s also a lot of great information available from Third Tier for a nominal $ contribution.

Can anyone provide further advice on best practices and what technologies are available to prevent users from accessing exploited sites outside of web and security filtering?


(Jack ) #10

We have been hit once. It was picked up as spam, but was released by the user, then they opened the attachment. Called me over as they watched their desktop icons changing.

It was on a laptop, so we stopped it before it could spread across the network. Had a backup for this user, but usually do not back up desktops.

I still have the email, and use it in training.


(Samuel Smith) #11

We have been clean for years.
Since we corporate-wise decided no employee or even partner of the firm will have “admin” rights to their box.
This killed much of the bad stuff and probably helped save a few jobs for the click crazies out there.


#12

We do the same in my company too Scott. Full, differential, and incremental backups to keep things as current as possible. Has come in handy when users aggressively click and get in to something they weren’t expecting. It is a pain, but definitely worth the effort.


#13

We’re getting (spear)phishing attempts on a regular basis, and it certainly seems to be increasing. Fortunately, most of our users have suspicious natures and refrain from clicking on the links. We’ve had a couple of instances of ransomware, but our team has been able to restore from backups with little loss.


(Brian Smith) #14

Yes, there is ransomware that targets Mac OSX, but it isn’t nearly as common so it’s not as “worth it” to hackers to send it around. Usually they send only Windows malware because since there are more Windows machines, there is more money available for them to possibly “make.”


(Andrew C) #15

In the last 6 months? No. But about a year and a half ago we got hit with cryptolocker. That was a fun exercise in learning what not to do, and flexing our backup/restore function on our shared file server. The best part of it was that it allowed us to clean house with permissions and departments on that server. So there’s a plus…


(Michael McGovern) #16

Could you send me a link to the video?


(David Sutton) #17

www.ksl.com is the local news channel that did the story. This link is to the story with the video. There might be a short ad at first before the video starts.