2 Replies Latest reply on May 12, 2015 4:32 AM by Don_Martin

    Cryptolocker family - who was hit in the last weeks? How to configure proactive protection?

    Don_Martin

      Hello,

       

      I'm just curious how many active users have suffered from this malware. Our company was hit three times in the last few weeks, and every time it was a slightly enhanced version, so that the DAT file was not able to detect the new version. Of course we have a straight backup strategy, so in the end there was only a little damage at all, but as mentioned: I'm just curious.

       

       

      We used manual rules (access protection policy) to block the writing of executables in user folders, but nevertheless got hit another time today, where the entry was made in the registry (...\Run\*.exe) but no executable was written to the hard disk. Kind of scary, isn't it? It seems, at least to us, that the next generation is out in the wild, which does not write itself to a hard disk until the server or system is shut down.

       

      So, how are you handling this matter, and what can be done about the upcoming versions which are only written to memory and not to the hard disk? How will McAfee/Intel take care of this, and what can be done to prevent those vicious versions?

      And yes, we did as the KB article proposes, as far as we have the mentioned products licensed ;-)

       

      https://www.google.de/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ve d=0CCIQFjAA&url=https%3A%2F%2Fkc.mcafee.…
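
A check for the situation described in the post above (a Run entry whose executable is not on disk), as an added example that is not part of the original post or of any McAfee guidance: it lists Run/RunOnce values and reports targets that are missing or located under a user profile. The key list, the `Users` folder test and the function names are assumptions chosen for illustration.

```powershell
# Added example: audit Run/RunOnce values; report targets that are missing on
# disk or that sit under a user profile. Key list and folder test are assumptions.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget {
    param([string]$CommandLine)
    # Expand %VAR% references, then take the quoted path or the text up to ".exe".
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"')        { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

function Get-RunKeyFinding {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            $target  = Get-CommandTarget $command
            if ([string]::IsNullOrWhiteSpace($target)) { continue }
            # Bare names such as "rundll32.exe" are resolved through PATH.
            if ($target -notmatch '^([A-Za-z]:\\|\\\\)') {
                $app = Get-Command $target -CommandType Application -ErrorAction SilentlyContinue |
                    Select-Object -First 1
                if ($app) { $target = $app.Path }
            }
            $exists    = Test-Path -LiteralPath $target -PathType Leaf
            $inProfile = $target -like "$env:SystemDrive\Users\*"
            if (-not $exists -or $inProfile) {
                [pscustomobject]@{
                    Key = $key; Name = $name; Command = $command
                    Target = $target; ExistsOnDisk = $exists; InUserProfile = $inProfile
                }
            }
        }
    }
}

Get-RunKeyFinding | Format-List
```

The `HKCU:` entries reflect only the account that runs the script; other users' hives have to be checked per profile.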