Hello All, Please does SW have any plan in place to combat the Gameover Zeus and Cryptolocker attacks?
I'm glad the culprit has been identified and the entire Cryptolocker command shut down. Thanks Lawrence Garvin
Inasmuch as the person responsible for these attacks has been identified and the entire Cryptolocker command and control infrastructure is now shut down, what else do you think would be appropriate?
Russian hacker engineered dazzling worldwide crime spree
Sorry to say but this is not quite true... while they caught a group there are now several more out there... Here is an article about the latest losses... https://www.evolvtec.com/latest-cryptowall-ransomware-damage-estimates-exceed-18-million-dollars-fbi/

The few solutions I have seen on Thwack all seem to rely on knowing the IP address of the bad guys' servers... A smart bad guy knows this and to keep in "business" they have lots of servers that move around...

My thought is the best defense would be to monitor the file shares for massive access by a single user... or if there was a way to track if a user encrypts a file... or my last would be to look for the messages that are left by the bad guys... we have been hit 3 times and each time there are 3 or 4 files left behind in each folder... usually: HTML, TXT and GIF, usually named something like HowDecrypt.txt or HowDecrypt.gif or HowDecrypt.htm.

My issue is as a new LEM user I am not sure of the best way to do this...
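
Two of the detection ideas in the post above (a burst of writes by a single user, and HowDecrypt.* notes appearing in several folders), sketched as an added example that is not part of the thread and is not LEM rule syntax. The event tuple layout, thresholds, user names and paths are assumptions; all sample data is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Ransom-note names taken from the post: HowDecrypt.txt / .gif / .htm
NOTE_RE = re.compile(r"^howdecrypt\.(txt|gif|html?)$", re.IGNORECASE)
T0 = datetime(2015, 1, 1, 9, 0, 0)  # constructed base time

def ev(sec, user, op, path):
    """Build one constructed audit event (field layout is an assumption)."""
    return (T0 + timedelta(seconds=sec), user, op, path)

# Constructed sample data, not real logs.
EVENTS = [
    ev(0, "alice", "write", r"\\fs01\share\finance\q1.xlsx"),
    ev(30, "alice", "read", r"\\fs01\share\finance\q2.xlsx"),
    ev(600, "alice", "write", r"\\fs01\share\finance\q2.xlsx"),
    ev(90, "carol", "create", r"\\fs01\share\it\HowDecrypt.txt"),  # one stray copy
] + [ev(100 + i, "bob", "write", rf"\\fs01\share\hr\doc{i}.docx") for i in range(6)] + [
    ev(107, "bob", "create", r"\\fs01\share\hr\HowDecrypt.txt"),
    ev(108, "bob", "create", r"\\fs01\share\hr\HowDecrypt.gif"),
    ev(109, "bob", "create", r"\\fs01\share\payroll\HowDecrypt.htm"),
]

def detect(events, note_folders=2, write_limit=5, window=timedelta(minutes=1)):
    """Return {user: [reasons]} for users matching either heuristic."""
    notes = defaultdict(set)    # user -> folders where a note file was created
    writes = defaultdict(list)  # user -> timestamps of write/create events
    alerts = defaultdict(list)
    for ts, user, op, path in sorted(events):
        if op not in ("create", "write"):
            continue
        p = PureWindowsPath(path)
        if NOTE_RE.match(p.name):
            notes[user].add(str(p.parent).lower())
        writes[user].append(ts)
    for user, folders in notes.items():
        if len(folders) >= note_folders:
            alerts[user].append(f"ransom notes in {len(folders)} folders")
    for user, stamps in writes.items():
        start = 0
        for end in range(len(stamps)):  # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= write_limit:
                alerts[user].append(f"{write_limit}+ writes within {window}")
                break
    return dict(alerts)
```

Requiring notes in more than one folder keeps a single stray copy of a note file (carol in the sample) from raising an alert, while the write-burst check still fires if the note names change.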