Solved

What are the best practices to clean up a network after a Cryptolocker attack?

Posted on 2015-02-16
Last Modified: 2016-02-25
Somebody in a small network inadvertently downloaded and executed a Cryptolocker virus program.
Before I came into the picture they decided to pay the attackers, and they unlocked the files.

Now they have called me to provide them with a clean up process, so that they can make sure no traces of the cryptolocker are left on any computer in the network.

Can you please provide me with the best practices to clean up a network after a Cryptolocker attack?

And also the best practices to keep them from being attacked again?
0
Question by:cargex
4 Comments
 
LVL 23

Accepted Solution

by:
Michael Fowler earned 1000 total points
ID: 40613045
Have a look at this product by McAfee

http://www.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx

And this one by Sophos
https://nakedsecurity.sophos.com/2013/10/18/cryptolocker-ransomware-see-how-it-works-learn-about-prevention-cleanup-and-recovery/

If this is a small Network I would be looking at rebuilding the OS on all affected machines or using restore points just to be sure. I would not put it past these criminals to have installed a back door so that they can just do it again.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40613588
Just install Microsoft Security Essentials and run a full scan. It can detect the Cryptolocker virus.
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 1000 total points
ID: 40613756
After you have cleaned the virus from all infected PCs, educate the users on best practices when accessing the Web and doing email: don't visit dubious sites, don't click on attachments you don't know anything about, and don't click on ads. Also take care when clicking on attachments you get from people you know, as their address could be spoofed, or their PC could also be infected.

Use ad-blockers in your browsers and mail clients, like Adblock Plus.

Make sure the users only use standard accounts, never accounts with Admin rights, when working on PCs. Don't use network drives mapped to drive letters, as those get encrypted too. Only use UNC paths; those can't currently get encrypted.

Most important, take your backups seriously, and have several versions on different backup media you rotate through, and always disconnect the backup media after the backup is done.
0
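
An audit sketch for two of the recommendations in the answer above (standard accounts only, no drive-letter mappings), added here as an example and not part of rindi's post. It assumes Windows PowerShell 5.1 or later in an elevated session on each PC; the CSV file name is an arbitrary choice.

```powershell
# Added example: audit one Windows PC for local admin accounts and
# persistent drive-letter mappings. Run elevated on each machine.

# 1. Members of the local Administrators group, looked up by the well-known
#    SID S-1-5-32-544 so it works regardless of the OS display language.
#    (If the cmdlet errors out, e.g. on an orphaned member, this stays empty.)
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
    Select-Object @{n='Check';e={'LocalAdmin'}},
                  @{n='Account';e={$_.Name}},
                  @{n='Detail';e={"$($_.ObjectClass) / $($_.PrincipalSource)"}})

# 2. Persistent drive-letter mappings, stored per user under
#    HKEY_USERS\<SID>\Network\<letter>. Only profiles that are currently
#    loaded (logged-on users) are visible here.
$mapped = @(foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $sid = $hive.PSChildName
    if ($sid -notmatch '^S-1-5-21-[\d-]+$') { continue }   # skip system and _Classes hives
    $netKey = "Registry::HKEY_USERS\$sid\Network"
    if (-not (Test-Path $netKey)) { continue }

    # Resolve the SID to an account name where possible; fall back to the SID.
    try {
        $user = ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
                    [System.Security.Principal.NTAccount]).Value
    } catch { $user = $sid }

    foreach ($drive in Get-ChildItem $netKey) {
        $remote = (Get-ItemProperty -Path $drive.PSPath -Name RemotePath `
                       -ErrorAction SilentlyContinue).RemotePath
        [pscustomobject]@{
            Check   = 'MappedDrive'
            Account = $user
            Detail  = "$($drive.PSChildName.ToUpper()): -> $remote"
        }
    }
})

# One combined report per machine; the CSV makes it easy to compare PCs.
$report = $admins + $mapped
$report | Format-Table -AutoSize
$report | Export-Csv -Path ".\$env:COMPUTERNAME-audit.csv" -NoTypeInformation
```

Any day-to-day user account listed under `LocalAdmin`, and every `MappedDrive` row, is something to review against the advice above.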
 
LVL 10

Expert Comment

by:davidanders
ID: 40615359
http://mywot.com is an add-on for most browsers that alerts the user about questionable sites.
0

Question has a verified solution.