Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

systemdown@india.com and McAfee

Posted on 2016-09-14
3
Medium Priority
?
184 Views
Last Modified: 2016-10-27
Our documents got infected with the systemdown@india.com.xtbl.  It encrypted thousands of files.  Fortunately I back up everything, so I was able to put backups in place.  But my question is why didn't our Virus protections, Spyware blockers, etc., catch this.  I understand from research that this normally comes in as ads or malware, but my Manager tends to think that even if this came in through email, that our protections should have stopped it at the source and not spread throughout our entire system.  It only affected files that everyone had write access to.  

I need to prevent this from happening.  Other than totally locking down the internet what else can I do.  I have anti-virus software in place, Barracuda Spyware device, as well as Malware software.  I know the rules of prevention but I need to know if there is anything that can stop it if it hits our systems again.
0
Comment
Question by:Salonge
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 20

Assisted Solution

by:Russ Suter
Russ Suter earned 500 total points
ID: 41798769
Antivirus programs are known to be ineffective against such attacks. AV programs are pretty much useless in general these days. Education is the #1 defense. You can alter your firewall and mail server rules to block attachments. That tends to be much more effective. You can also institute group policies that prevent programs from running in unauthorized locations. You can further introduce watch programs that detect anomalous activity and shut down the system or alert you.
1
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 500 total points
ID: 41798785
The answer has been there for 15 years: software restriction policies application whitelisting. You list what's allowed (like your office software and all other known stuff), the rest gets blocked including all viruses.
0
 
LVL 22

Accepted Solution

by:
Adam Leinss earned 1000 total points
ID: 41798824
+1 Russ.  AV is statistically about 40% effective in stopping malware.  You need multiple protections in place: quarantining external files coming into e-mail, user education, Internet filtering, etc.  Now there are products like Cylance that don't use signatures, but predictive analysis of program behavior, but even with their "get pass our protection" bounty program, there were people that found a way around their detection.

I would say on a real world note that our infections went down substantively when we took away admin rights from end users and put in a Websense appliance and deployed the Websense endpoint client.  We also have alerting in ESET and if anyone comes up with a Crypto alert, that computer is immediately taken offline.  Other people have used FSRM to do similar things.
0

Featured Post

Tech or Treat! - Giveaway

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
Let's take a look into the basics of ransomware—how it spreads, how it can hurt us, and why a disaster recovery plan is important.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question