Solved

cryptowall infection

Posted on 2014-11-12
Last Modified: 2014-11-21
Hey guys,

One of our PCs got infected with the CryptoWall virus. It also affected a file share on our NAS. Does this virus spread through the network?

How can it be contained?
Question by:Cobra25
 

Accepted Solution

by:
Wesley Johnson earned 166 total points
ID: 40438461
I'm at a public library and this happened to us on the staff-side recently. It jumped from the PC to NAS, but, as best as we can tell, it went no further than that.

Here's a Symantec guide for removal: http://www.symantec.com/security_response/writeup.jsp?docid=2013-091122-3112-99&tabid=3. Unfortunately, if their suggestions don't work, it looks like re-installing Windows is the only way to remove it from the machine. The latest version of Symantec's A/V does offer CryptoLocker protection. From what I understand, the professional version of Malwarebytes Anti-Malware does, too.

I've yet to find a way to unlock the files damaged by this infection nor has my boss. That appears to be hopeless. This issue struck us at a time when our backups weren't working properly, so the one that was restored was about a month old. Luckily I found another that was just a couple of weeks old.

Good luck!
0
 
LVL 17

Expert Comment

by:Spartan_1337
ID: 40438464
CryptoWall scans all drives on an infected machine, including mapped drives. Once it has completed its scan, it will send the payload to the encryption server and lock those files. There is nothing you can do at this point; even if you pay, they may not get the decryption key before the timer runs out. You will have to restore from backup.
0
 

Expert Comment

by:Wesley Johnson
ID: 40438467
Also, according to a site I found: "CryptoLocker is not a virus (self-replicating malware), so it doesn't spread across your network by itself."
0
 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 40438562
CryptoLocker/CryptoWall is not really a virus - Wesley is correct. The problem is it does so much damage, especially on network shares. The only reasonable defense is good backups (ones that have been tested). There is another option: we have recovered files from CryptoLocker by using a cloud file backup that does versioning, like CrashPlan.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40438566
So I've heard it does spread and it doesn't spread; which one is it?

Thanks for the responses so far!
0
 
LVL 17

Expert Comment

by:Spartan_1337
ID: 40438581
It doesn't affect other PCs; it only searches for documents on the local HDD and mapped drives.
0
 

Expert Comment

by:Wesley Johnson
ID: 40438583
My boss tells me that CryptoLocker infects drives on a machine, so, if NAS is mapped, then it will find its way to it. You actually have to download an attachment to bring Crypto to your machine.
0
 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 40438609
Yes it will affect any mapped drives.  This is why anyone who maps a drive to their computer should have limited rights.  Even so, files for that person will be encrypted at the very least.  A good backup policy that includes frequent testing of restores is the only defense.  Periodic imaging and reimaging of computers can't hurt.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40438670
Thomas, when you say limited rights, do you mean obviously not a local admin on their PC?
0
 
LVL 27

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 167 total points
ID: 40438727
That would be best.  I also mean that if they need write permissions on the share, well they need it - but only to their own directory.  Many will need write perms to shared directories, almost the definition of a share, just be careful when granting these perms.
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 167 total points
ID: 40439393
CryptoLocker teaches us three lessons:

- have current backups at any time
- don't rely on antivirus software but try to implement some application whitelisting instead
- only grant write access to shares when really needed.
0
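
The advice in the answers above, to grant write access on shares only where it is needed, can be checked by reviewing each share folder's ACL for broad groups that hold write-capable rights. The following is an added example, not part of the original thread: it parses the text output of `icacls <path>` and assumes the share exposes Windows-style ACLs; the server name, domain, and accounts in the sample are constructed.

```python
import re

# Groups that cover most or all users (assumed list; adjust for your domain).
BROAD = {"everyone", "authenticated users", "users", "domain users"}
# icacls rights letters that allow creating, changing or deleting files.
WRITE_RIGHTS = {"F", "M", "W", "D", "DE", "WD", "AD", "DC", "GW", "GA"}
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}  # inheritance markers, not rights
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([^)]*\))+)$")

def parse_icacls(path, output):
    """Return [(principal, set_of_tokens)] from the output of `icacls <path>`."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.startswith(path):          # first ACE shares a line with the path
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:
            continue                       # blank lines, "Successfully processed"
        tokens = set()
        for group in re.findall(r"\(([^)]*)\)", m.group("flags")):
            tokens.update(t for t in group.split(",") if t not in INHERIT_FLAGS)
        aces.append((m.group("who"), tokens))
    return aces

def broad_writers(path, output):
    """Broad groups holding an allow ACE that lets members alter files."""
    hits = []
    for who, tokens in parse_icacls(path, output):
        name = who.split("\\")[-1].lower()
        if name in BROAD and "DENY" not in tokens and tokens & WRITE_RIGHTS:
            hits.append((who, sorted(tokens & WRITE_RIGHTS)))
    return hits

# Constructed sample: what `icacls \\nas01\staff` might print.
SAMPLE_PATH = r"\\nas01\staff"
SAMPLE = r"""\\nas01\staff BUILTIN\Administrators:(OI)(CI)(F)
             EXAMPLE\Domain Users:(OI)(CI)(M)
             Everyone:(OI)(CI)(RX)
             EXAMPLE\jsmith:(OI)(CI)(M)
             NT AUTHORITY\Authenticated Users:(DENY)(W)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for who, rights in broad_writers(SAMPLE_PATH, SAMPLE):
        print(f"{SAMPLE_PATH}: {who} can modify files ({', '.join(rights)})")
```

Any folder this flags is one where a single infected account in that group can have every file encrypted; per-user folders should list only the owner and administrators with write rights.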
