Folks, For those in the US...
Our local FBI office suggests reporting Cryptowall and other ransomware to the FBI office nearest you (or to the victim). Lots of little cases can add up to successful investigations. The wider the telescope (the more reports, the more data) the better the possible results. Obviously no promises on any specific case, but reporting these can help us all in the long run. Other "tech" law enforcement agencies in other countries are likely following these as well.

--tep

On Fri, Nov 14, 2014 at 9:04 AM, Tracy Reed <[email protected]> wrote:
> On Fri, Nov 14, 2014 at 09:34:48AM PST, David Veer spake thusly:
>> We have seen CryptoWall hit a number of systems too over the last month or
>> two for different organizations around the city. Has anybody on the list
>> been able to determine the attack or infection vector for it? We'd really
>> like to figure out how it's getting into the networks and systems to begin
>> with.
>
> John Quigley <[email protected]> (to whom you are replying above)
> explained clearly what the infection vector is:
>
>> On Nov 14, 2014, at 10:50 AM, John Quigley <[email protected]> wrote:
>>
>> > * The malware arrived through a fake fax attachment in Outlook that a
>> > receptionist opened.
>
> So what security controls should be put into place to resolve this? Among the
> possibilities are:
>
> 1. Segmentation - Why should a receptionist's infected computer be able to
> encrypt the whole company? She should never have had most of that data, not
> to mention the actual "backups", mounted to her computer.
>
> 2. Authentication - Email is easily faked. Anyone can write anything they want
> in the From: field. We really need to move to signed and encrypted emails.
>
> 3. Education - The secretary may have to be trained to notice what suspicious
> or unusual email attachments look like. I bet this email was different than
> the usual and could have been spotted as trouble.
>
>> > * He did have backups, as many have asked about, but they must have been
>> > through a connected drive because they were encrypted as well. His IT was
>> > outsourced to a local firm.
>
> He may have thought he did but he didn't actually. Not if they were connected
> such that they could be encrypted.
>
>> > In talking with someone at a local cloud company yesterday, I learned that a
>> > number of large organizations in our town, including banks, have been hit
>> > with Cryptowall in the past few weeks. On the news this morning was a report
>> > of a sheriff's office in TN paying the $500 ransom after working with FBI.
>
> Just wait until your bank loses your savings because all of their records got
> encrypted. :|
>
> --
> Tracy Reed
>
> _______________________________________________
> Tech mailing list
> [email protected]
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
