Solved

systemdown@india.com and McAfee

Posted on 2016-09-14 | 115 Views | Last Modified: 2016-10-27
Our documents got infected with the systemdown@india.com.xtbl. It encrypted thousands of files. Fortunately I back up everything, so I was able to put backups in place. But my question is why didn't our virus protections, spyware blockers, etc., catch this? I understand from research that this normally comes in as ads or malware, but my manager tends to think that even if this came in through email, our protections should have stopped it at the source and not let it spread throughout our entire system. It only affected files that everyone had write access to.

I need to prevent this from happening. Other than totally locking down the internet, what else can I do? I have anti-virus software in place, a Barracuda spyware device, as well as malware software. I know the rules of prevention, but I need to know if there is anything that can stop it if it hits our systems again.
0

Question by: Salonge

3 Comments
LVL 20 | Assisted Solution
by: Russ Suter (earned 125 total points)
ID: 41798769
Antivirus programs are known to be ineffective against such attacks. AV programs are pretty much useless in general these days. Education is the #1 defense. You can alter your firewall and mail server rules to block attachments. That tends to be much more effective. You can also institute group policies that prevent programs from running in unauthorized locations. You can further introduce watch programs that detect anomalous activity and shut down the system or alert you.
1
LVL 54 | Assisted Solution
by: McKnife (earned 125 total points)
ID: 41798785
The answer has been there for 15 years: software restriction policies (application whitelisting). You list what's allowed (like your office software and all other known stuff); the rest gets blocked, including all viruses.
0
LVL 22 | Accepted Solution
by: Adam Leinss (earned 250 total points)
ID: 41798824
+1 Russ. AV is statistically about 40% effective in stopping malware. You need multiple protections in place: quarantining external files coming into e-mail, user education, Internet filtering, etc. Now there are products like Cylance that don't use signatures but predictive analysis of program behavior, but even with their "get past our protection" bounty program, there were people that found a way around their detection.

I would say on a real-world note that our infections went down substantively when we took away admin rights from end users, put in a Websense appliance and deployed the Websense endpoint client. We also have alerting in ESET, and if anyone comes up with a Crypto alert, that computer is immediately taken offline. Other people have used FSRM to do similar things.
0
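One way to set up the FSRM approach mentioned in the accepted answer, as an added example that is not part of any reply in this thread: a PowerShell script that creates an active File Server Resource Manager file screen on a shared folder, refusing writes of the `.xtbl` extension named in the question and logging a Warning event that endpoint alerting or a SIEM can pick up. It assumes a Windows Server with the FSRM role installed; the share path `D:\Shares\Documents` and the group name are placeholders.

```powershell
# Added example (not from the thread). Requires the FSRM role:
#   Install-WindowsFeature FS-Resource-Manager -IncludeManagementTools
Import-Module FileServerResourceManager

# Placeholder: the folder everyone has write access to (as in the question).
$SharePath = 'D:\Shares\Documents'

# File group of patterns to refuse. '*.xtbl' is the extension from the question;
# extend the list with other patterns you want blocked on this share.
$GroupName = 'Blocked ransomware extensions (example)'
$Patterns  = @('*.xtbl')

if (-not (Get-FsrmFileGroup -Name $GroupName -ErrorAction SilentlyContinue)) {
    New-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns | Out-Null
}

# Notification action: write a Warning to the Application event log so the
# ESET/SIEM-style alerting described in the answer can react to it.
# [Source Io Owner] and [Source File Path] are FSRM variables filled in at
# screening time with the writing account and the blocked file path.
$EventAction = New-FsrmAction -Type Event -EventType Warning `
    -Body 'FSRM blocked write of [Source File Path] by [Source Io Owner]'

# Active screen: the write is refused, not merely logged (passive screens only log).
if (-not (Get-FsrmFileScreen -Path $SharePath -ErrorAction SilentlyContinue)) {
    New-FsrmFileScreen -Path $SharePath -IncludeGroup $GroupName -Active `
        -Notification $EventAction | Out-Null
}

# Verify the screen is in place and active.
Get-FsrmFileScreen -Path $SharePath | Select-Object Path, Active, IncludeGroup
```

A file screen only catches the patterns its group lists, so it complements, rather than replaces, the whitelisting and removal of admin rights described in the replies.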
