Solved

What are the best practices to clean up a network after a Cryptolocker attack?

Posted on 2015-02-16
Last Modified: 2016-02-25
Somebody in a small network inadvertently downloaded and executed a Cryptolocker virus program.
Before I came into the picture they decided to pay the attackers, and they unlocked the files.

Now they have called me to provide them with a cleanup process, so that they can make sure no traces of the Cryptolocker are left on any computer in the network.

Can you please provide me with the best practices to clean up a network after a Cryptolocker attack?

And also the best practices to keep them from being attacked again?
Question by:cargex
4 Comments
 
LVL 23

Accepted Solution

by:
Michael74 earned 250 total points
ID: 40613045
Have a look at this product by McAfee

http://www.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx

And this one by Sophos
https://nakedsecurity.sophos.com/2013/10/18/cryptolocker-ransomware-see-how-it-works-learn-about-prevention-cleanup-and-recovery/

If this is a small network I would be looking at rebuilding the OS on all affected machines or using restore points just to be sure. I would not put it past these criminals to have installed a back door so that they can just do it again.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40613588
Just install Microsoft Security Essentials and run a full scan. It can detect the Cryptolocker virus.
0
 
LVL 87

Assisted Solution

by:rindi
rindi earned 250 total points
ID: 40613756
After you have cleaned the virus from all infected PCs, educate the users on best practices when accessing the Web and doing email: don't visit dubious sites, don't click on attachments you don't know anything about, and don't click on ads. Also take care when clicking on attachments you get from people you know, as their address could be spoofed, or their PC could also be infected.

Use ad-blockers in your browsers and mail clients, like Adblock Plus.

Make sure the users only use standard accounts, never accounts with Admin rights, when working on PCs. Don't use network drives mapped to drive letters, as those get encrypted too. Only use UNC paths; those can't currently get encrypted.

Most important, take your backups seriously, and have several versions on different backup media you rotate through, and always disconnect the backup media after the backup is done.
0
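A per-PC check for two of the points in the answer above (standard accounts only, no shares mapped to drive letters), added here as an example and not part of any poster's reply. It assumes Windows PowerShell 5.1 or later, run in the logged-on user's own session; the function names are hypothetical.

```powershell
# Added example: audit one Windows PC for local admin membership and mapped drives.

function Get-LocalAdminMember {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup works regardless of the Windows display language.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Get-MappedNetworkDrive {
    # DriveType 4 = network drive currently connected in this session.
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 4' |
        ForEach-Object {
            [pscustomobject]@{ Drive = $_.DeviceID; Target = $_.ProviderName; Source = 'Session' }
        }
    # HKCU:\Network holds this user's mappings that reconnect at logon.
    Get-ChildItem -Path 'HKCU:\Network' -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Drive  = "$($_.PSChildName):".ToUpper()
                Target = (Get-ItemProperty -Path $_.PSPath).RemotePath
                Source = 'Persistent'
            }
        }
}

$currentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$admins      = @(Get-LocalAdminMember)
$drives      = @(Get-MappedNetworkDrive)

"Members of local Administrators on ${env:COMPUTERNAME}:"
$admins | Format-Table -AutoSize

# Only direct membership is compared; membership through a nested group is not resolved.
if ($admins.Name -contains $currentUser) {
    Write-Warning "$currentUser is a direct member of Administrators; use a standard account for daily work."
}

if ($drives.Count -gt 0) {
    Write-Warning "$($drives.Count) drive-letter mapping(s) to network shares found for ${currentUser}:"
    $drives | Sort-Object Drive, Source | Format-Table -AutoSize
} else {
    "No network shares are mapped to drive letters for $currentUser."
}
```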
 
LVL 8

Expert Comment

by:davidanders
ID: 40615359
http://mywot.com is an addon for most browsers that alerts the user about questionable sites.
0
