Solved

What are the best practices to clean up a network after a Cryptolocker attack?

Posted on 2015-02-16
4
271 Views
Last Modified: 2016-02-25
Somebody in a small network inadvertently downloaded and executed a Cryptolocker virus program.
Before I came into the picture they decided to pay the attackers, and they unlocked the files.

Now they have called me to provide them with a clean-up process, so that they can make sure no traces of the Cryptolocker are left on any computer in the network.

Can you please provide me with the best practices to clean up a network after a Cryptolocker attack?

And also the best practices to keep them from being attacked again?
0
Question by:cargex
4 Comments
 
LVL 23

Accepted Solution

by:
Michael74 earned 250 total points
ID: 40613045
Have a look at this product by McAfee

http://www.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx

And this one by Sophos
https://nakedsecurity.sophos.com/2013/10/18/cryptolocker-ransomware-see-how-it-works-learn-about-prevention-cleanup-and-recovery/

If this is a small network I would be looking at rebuilding the OS on all affected machines or using restore points just to be sure. I would not put it past these criminals to have installed a back door so that they can just do it again.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40613588
Just install Microsoft Security Essentials and run a full scan. It can detect the Cryptolocker virus.
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 250 total points
ID: 40613756
After you have cleaned the virus from all infected PCs, educate the users on best practices when accessing the Web and doing email: don't visit dubious sites, don't click on attachments you don't know anything about, and don't click on ads. Also take care when clicking on attachments you get from people you know, as their address could be spoofed, or their PC could also be infected.

Use ad-blockers in your browsers and mail clients, like Adblock Plus.

Make sure the users only use standard accounts, never accounts with Admin rights, when working on PCs. Don't use network drives mapped to drive letters, as those get encrypted too. Only use UNC paths; those can't currently get encrypted.

Most important, take your backups seriously, and have several versions on different backup media you rotate through, and always disconnect the backup media after the backup is done.
0
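A read-only audit of one Windows PC against the points raised in this thread (accounts with admin rights, drive-letter mappings to shares, leftover autostart entries that could hide a back door, and backup media still attached). This is an added example, not code from any of the posters; it assumes Windows PowerShell 5.1 on Windows 8.1/10 or later, run from an elevated prompt, and only reports for manual review.

```powershell
# Added example: post-incident audit of a single PC. Reports only; changes nothing.
function Get-PostIncidentAudit {
    $report = [ordered]@{}

    # 1. Members of the local Administrators group: day-to-day users should not be here.
    $report.LocalAdmins = Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, ObjectClass, PrincipalSource

    # 2. Drive-letter mappings to shares: ransomware running as the user can reach these.
    $report.MappedDrives = Get-SmbMapping -ErrorAction SilentlyContinue |
        Select-Object LocalPath, RemotePath, Status

    # 3. Autostart entries to review for anything left behind after the infection.
    #    Run/RunOnce keys and scheduled tasks are a starting point, not a complete check.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $report.AutoRuns = foreach ($key in $runKeys) {
        if (Test-Path $key) {
            # Drop the PS* metadata properties so only the actual value names remain.
            $values = Get-ItemProperty -Path $key | Select-Object -Property * -ExcludeProperty PS*
            foreach ($p in $values.PSObject.Properties) {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
            }
        }
    }
    $report.ScheduledTasks = Get-ScheduledTask |
        Where-Object { $_.State -ne 'Disabled' -and $_.Author -notlike 'Microsoft*' } |
        Select-Object TaskName, TaskPath, Author

    # 4. Removable volumes currently attached: backup media should be disconnected after use.
    $report.RemovableDrives = Get-Volume | Where-Object DriveType -eq 'Removable' |
        Select-Object DriveLetter, FileSystemLabel, Size

    return $report
}

$audit = Get-PostIncidentAudit
foreach ($section in $audit.Keys) {
    Write-Host "==== $section ===="
    $audit[$section] | Format-Table -AutoSize | Out-String | Write-Host
}
```

Run it on each machine after the antivirus clean-up and keep the output with the incident notes; an unexplained Run entry or non-Microsoft scheduled task is a reason to prefer the rebuild Michael74 suggests.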
 
LVL 9

Expert Comment

by:davidanders
ID: 40615359
http://mywot.com is an add-on for most browsers that alerts the user about questionable sites.
0
