Solved

What are the best practices to clean up a network after a Cryptolocker attack?

Posted on 2015-02-16
4
256 Views
Last Modified: 2016-02-25
Somebody in a small network inadvertently downloaded and executed a Cryptolocker virus program.
Before I came into the picture they decided to pay the attackers, and they unlock the files.

Now they have called me to provide them with a clean up process, so that they can make sure no traces of the cryptolocker are left on any computer in the network.

Can you please provide me with the best practices to clean up a network after a Cryptolocker attack?

And also the best practices to keep them to being attacked again?
0
Comment
Question by:cargex
4 Comments
 
LVL 23

Accepted Solution

by:
Michael74 earned 250 total points
ID: 40613045
Have a look at this product by Mcafee

http://www.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx

And this one by Sophos
https://nakedsecurity.sophos.com/2013/10/18/cryptolocker-ransomware-see-how-it-works-learn-about-prevention-cleanup-and-recovery/

If this is a small Network I would be looking at rebuilding the OS on all affected machines or using restore points just to be sure. I would not put it past these criminals to have installed a back door so that they can just do it again.
0
 
LVL 4

Expert Comment

by:bominthu
ID: 40613588
Just Install Microsoft Security Essential and run Full scan. It can detect cryptolocker virus.
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 250 total points
ID: 40613756
After you have cleaned the virus from all infected PC's, educate the users on best practices when accessing the Web and doing email, like don't visit dubious sites, don't click on attachments you don't know anything about, don't click on ads, also take care of clicking on attachments you get from people you know, as their address could be spoofed, or their PC also infected.

Use ad-blockers in your browsers and mail clients, like Ad-Block plus.

Make sure the users only use standard accounts, never accounts with Admin rights, when working on PC's. Don't use network drives mapped to drive-letters, as those get encrypted too. Only use UNC paths, those can't currently get encrypted.

Most important, take your backups seriously, and have several versions on different backup media you rotate through, and always disconnect the backup media after the backup is done.
0
 
LVL 9

Expert Comment

by:davidanders
ID: 40615359
http://mywot.com   is an addon for most browsers that alerts the user about questionable sites.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question