
stopping cryptowall


saturn

Disabled
Joined
Dec 31, 2015
I've been dealing with cryptowall a lot at work, and with the newest version now having the ability to cover its tracks it makes it one step harder to fight. Heck, I have an acquaintance that worked for DoD and HLS dealing with this kind of stuff and he can't even trace down how it gets into a PC anymore.
I was wondering if anyone else has dealt with it before and found a good way to stop it altogether or slow it down? Other than user education.
 

Pvt.Dancer

Member
Joined
May 12, 2010
Location
Wilsonville, OR
Yes, dealt with it and yes it's a massive PITA... Recently my company partnered with Sophos UTM (I highly recommend version 9 over XG) appliances, which actually have been blocking it before entering networks. We've seen this happen in 2 different locations. I couldn't guarantee it's perfect, but 2 different companies protected before it ever hit the network is a beautiful thing to see.

Other than that... Good backups is the best, cause all you can do is recover in my experience.

EDIT: I should mention that Sophos offers a virtual "Home" edition of both XG and 9 to play with/test for free. I use it at home and love it; I have it set up as a virtual machine on my server, but it could easily be put on an old PC with 2 NICs.
 

saturn

Disabled
Joined
Dec 31, 2015
Thank you.

We have a similar setup. But the newest version of cryptowall somehow gets past everything, then covers its tracks. I did a full forensics investigation on one of the PCs that it came in through and found nothing. In fact, nothing we had that got hit by it showed any trace of how it got there.
 

Silver_Pharaoh

Likes the big ones n00b Member
Joined
Sep 7, 2013
Ugggh. One of the ugly sides of crypto...

Backups are key really, preferably offline so the virus can't encrypt it.
 

saturn

Disabled
Joined
Dec 31, 2015
Well I certainly hope that's not going to be the new pattern cause it really freaking sucks dealing with these.

Good luck!
It sure does suck.
On a side note, the warnings you get with the new cryptowall are downright funny.

Ugggh. One of the ugly sides of crypto...

Backups are key really, preferably offline so the virus can't encrypt it.

Luckily we do that.
 

Pvt.Dancer

Member
Joined
May 12, 2010
Location
Wilsonville, OR
In all the versions I've encountered, it's just making sure that the backup server isn't a mapped drive/shortcut anywhere. It can be on the network and everything else, but Crypto will make its way through your mapped drives and take them all out.

I haven't had the b**** just go out and find open network shares (all my backup shares are protected by special creds anyway) and start encrypting... yet... but if it's shared and mapped on a PC you're in trouble lol
 

saturn

Disabled
Joined
Dec 31, 2015
The newest version will go after network drives that the user has rights to, even if it's not mapped or shortcutted.
 

Pvt.Dancer

Member
Joined
May 12, 2010
Location
Wilsonville, OR
Hmm that is really interesting, though that seems like the natural evolution of things. All the more reason to make sure you have good permissions, file structures and backups in place.
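The thread's practical advice is to keep backups off any mapped drive, restrict share permissions, and accept that the only reliable recovery is a restore. One cheap addition on the detection side, as an added example that is not code from any poster in this thread, is a canary file planted in each share: if a bulk encryptor touches it, a periodic check notices within minutes instead of after the helpdesk call. The canary file name, the sample "share" directories and the tampering scenario in `demo()` are all constructed for this example; the manifest of expected hashes is assumed to live somewhere the share users cannot write to.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Hypothetical canary name, chosen to sort early in a directory listing so a
# bulk encryptor walking the share alphabetically reaches it quickly.
CANARY_NAME = "_000_canary_do_not_touch.txt"
CANARY_PAYLOAD = b"Canary file for ransomware detection. Do not modify or delete.\n" * 16


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large canaries don't load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: English text is roughly 4-5, encrypted content approaches 8."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def plant_canaries(share_roots):
    """Write one canary into each share root and return a {path: sha256} manifest."""
    manifest = {}
    for root in share_roots:
        p = Path(root) / CANARY_NAME
        p.write_bytes(CANARY_PAYLOAD)
        manifest[str(p)] = sha256_file(p)
    return manifest


def check_canaries(manifest):
    """Return (path, reason, entropy) for each canary that is missing (renamed or
    deleted) or modified; entropy of the new content is reported for modified ones
    because a value near 8 is the signature of in-place encryption."""
    alerts = []
    for path_str, expected in manifest.items():
        p = Path(path_str)
        if not p.exists():
            alerts.append((path_str, "missing", None))
            continue
        if sha256_file(p) != expected:
            alerts.append((path_str, "modified", shannon_entropy(p.read_bytes())))
    return alerts


def demo():
    """Constructed scenario: two fake shares; one canary is overwritten with random
    bytes (what an encrypted file looks like), the other is renamed with a new
    extension, as cryptowall-style malware does to the files it processes."""
    with tempfile.TemporaryDirectory() as tmp:
        shares = [Path(tmp) / "finance", Path(tmp) / "hr"]
        for s in shares:
            s.mkdir()
        manifest = plant_canaries(shares)
        assert check_canaries(manifest) == []  # clean baseline, nothing to report
        (shares[0] / CANARY_NAME).write_bytes(os.urandom(4096))
        (shares[1] / CANARY_NAME).rename(shares[1] / (CANARY_NAME + ".locked"))
        return check_canaries(manifest)


if __name__ == "__main__":
    for path, reason, ent in demo():
        extra = f" (entropy {ent:.2f})" if ent is not None else ""
        print(f"ALERT {reason}: {path}{extra}")
```

In production the check would run from a scheduled task on the file server (not from a workstation that has the shares mapped), and an alert would be wired to something that actually stops the bleeding, such as disabling the affected user's session or the share itself, since by the time a canary is hit the encryptor is already running with that user's rights.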