?
Solved

What are the best practices to clean up a network after a Cryptolocker attack?

Posted on 2015-02-16
4
Medium Priority
?
294 Views
Last Modified: 2016-02-25
Somebody in a small network inadvertently downloaded and executed a Cryptolocker virus program.
Before I came into the picture they decided to pay the attackers, and they unlock the files.

Now they have called me to provide them with a clean up process, so that they can make sure no traces of the cryptolocker are left on any computer in the network.

Can you please provide me with the best practices to clean up a network after a Cryptolocker attack?

And also the best practices to keep them to being attacked again?
0
Comment
Question by:cargex
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 23

Accepted Solution

by:
Michael Fowler earned 1000 total points
ID: 40613045
Have a look at this product by Mcafee

http://www.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx

And this one by Sophos
https://nakedsecurity.sophos.com/2013/10/18/cryptolocker-ransomware-see-how-it-works-learn-about-prevention-cleanup-and-recovery/

If this is a small Network I would be looking at rebuilding the OS on all affected machines or using restore points just to be sure. I would not put it past these criminals to have installed a back door so that they can just do it again.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40613588
Just Install Microsoft Security Essential and run Full scan. It can detect cryptolocker virus.
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 1000 total points
ID: 40613756
After you have cleaned the virus from all infected PC's, educate the users on best practices when accessing the Web and doing email, like don't visit dubious sites, don't click on attachments you don't know anything about, don't click on ads, also take care of clicking on attachments you get from people you know, as their address could be spoofed, or their PC also infected.

Use ad-blockers in your browsers and mail clients, like Ad-Block plus.

Make sure the users only use standard accounts, never accounts with Admin rights, when working on PC's. Don't use network drives mapped to drive-letters, as those get encrypted too. Only use UNC paths, those can't currently get encrypted.

Most important, take your backups seriously, and have several versions on different backup media you rotate through, and always disconnect the backup media after the backup is done.
0
 
LVL 9

Expert Comment

by:davidanders
ID: 40615359
http://mywot.com   is an addon for most browsers that alerts the user about questionable sites.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
Check out the latest tech news, community articles, and expert highlights in August's newsletter.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses
Course of the Month9 days, 19 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question