I'm just curious how many active users have suffered from this malware? Our company was hit three times in the last few weeks, and every time it was a slightly enhanced version, so that the DAT file was not able to detect the new version. Of course we have a strict backup strategy, so in the end there was only a little damage at all, but as mentioned: I'm just curious.
We blocked, via manual rules (Access Protection policy), the possibility of writing executables in user folders, but nevertheless got hit again today, where the entry was made in the registry (...\Run\*.exe) but no executable was written to the hard disk. Kind of scary, isn't it? It seems, at least for us, that the next generation is out in the wild, one which does not write itself to the hard disk until the server or system is shut down.
So, how are you handling this matter, and what do you do about the upcoming versions which are only written in memory and not to the hard disk? How will McAfee/Intel take care of this, and what can be done to prevent those vicious versions?
And yes, we did as the KB article proposes, as far as we have the mentioned products licensed ;-)
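A quick check for the symptom described above (a Run value pointing at an executable that is not present on disk), as an added example that is not part of the original post and not a McAfee tool. The list of Run keys, the way the executable path is pulled out of the value, and the "lives under AppData" heuristic are my own assumptions; adjust them to your environment.

```powershell
# Added example (not from the original post or any McAfee product).
# Enumerates the common autostart Run keys and flags values whose target
# executable is missing from disk, i.e. the "registry entry but no file" case.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunTargetPath {
    param([string]$CommandLine)
    # A Run value is a command line: take the quoted path if present,
    # otherwise the first whitespace-separated token.
    $cmd = $CommandLine.Trim()
    if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($cmd -split '\s+')[0] }
    # Expand %APPDATA%, %TEMP% and friends, which droppers like to use.
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    # A bare name such as rundll32.exe is resolved via PATH, not the current directory.
    if ($exe -notmatch '[\\/]') {
        $resolved = Get-Command $exe -ErrorAction SilentlyContinue
        if ($resolved) { $exe = $resolved.Source }
    }
    return $exe
}

function Get-SuspectRunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider metadata properties (PSPath, PSParentPath, ...).
            if ($p.Name -like 'PS*') { continue }
            $exe      = Get-RunTargetPath -CommandLine ([string]$p.Value)
            $onDisk   = Test-Path -LiteralPath $exe -PathType Leaf
            # Heuristic (assumption): a target under a user profile's AppData is
            # worth a look even when the file exists, because that is where the
            # Access Protection rule above was meant to block writes.
            $userArea = $exe -match '\\Users\\[^\\]+\\AppData\\'
            [pscustomobject]@{
                Key     = $key
                Name    = $p.Name
                Target  = $exe
                OnDisk  = $onDisk
                Suspect = (-not $onDisk) -or $userArea
            }
        }
    }
}

# Run elevated so the HKLM keys are readable; suspicious entries first.
Get-SuspectRunEntries | Sort-Object Suspect -Descending | Format-Table -AutoSize
```

An entry with `OnDisk` false is exactly the situation from the post: the persistence point exists but the payload does not, so the file scanner has nothing to scan and the executable only appears at logon or shutdown. Keep in mind that this only covers the Run/RunOnce keys; scheduled tasks, services and WMI subscriptions are other places the same trick can be played, and Sysinternals Autoruns covers those too.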
McAfee Malware Support Operations released the following guide via SNS last week to help combat Cryptolocker and Cryptolocker.
We deployed these Access Protection Rules last week.
Volunteer Moderator - Business Products
Certified McAfee Product Specialist - ePO
And yes, those were the settings we have in use, but as mentioned we did encounter an infection without having an executable on the hard disk (that is the scary part). Nevertheless, the malware family in our cases is part of the TeslaCrypt family: