CryptoLocker - New Ransomware

Had a bigger client get infected today. It came in by e-mail and encrypted all documents on the workstation as well as some stuff on network drives. Had them pull the network cable on the machine and it looks like it was actively encrypting when they did it.

Everything restored from nightly backups so no big deal and it was really easy to wipe out the infection, no root/boot kits or anything nasty.

The good news is that I'm now allowed to revoke local admin rights on all workstations! :)
 
Last edited:
I had a remote session for a doctors office the other day. XP machine that the receptionist uses to connect to a terminal server was having trouble with opening PDFs. When I connected I found decrypt instruction files on the desktop. I asked how long they had been there. The receptionist didn't know. I informed the doctor what it was and and asked why he was still using XP. His reply was that he just spent a lot of money repairing his car and couldn't replace the machine. I asked if he wanted the infection cleaned and was told only if it was quick. I've had other dealings with this client before and can say I am not surprised by this last service. I've made repeated recommendations for his to have a reliable backup and security. Nothing ever gets done.
 
pceinc said:
I had a remote session for a doctors office the other day. XP machine that the receptionist uses to connect to a terminal server was having trouble with opening PDFs. When I connected I found decrypt instruction files on the desktop. I asked how long they had been there. The receptionist didn't know. I informed the doctor what it was and and asked why he was still using XP. His reply was that he just spent a lot of money repairing his car and couldn't replace the machine. I asked if he wanted the infection cleaned and was told only if it was quick. I've had other dealings with this client before and can say I am not surprised by this last service. I've made repeated recommendations for his to have a reliable backup and security. Nothing ever gets done.
Click to expand...

Yes, some people only learn with a really hard lesson. I always document what I recommended and make a note that it was 'declined by customer'. Got to cover your ass.
 
pceinc said:
I had a remote session for a doctors office the other day. XP machine that the receptionist uses to connect to a terminal server was having trouble with opening PDFs. When I connected I found decrypt instruction files on the desktop. I asked how long they had been there. The receptionist didn't know. I informed the doctor what it was and and asked why he was still using XP. His reply was that he just spent a lot of money repairing his car and couldn't replace the machine. I asked if he wanted the infection cleaned and was told only if it was quick. I've had other dealings with this client before and can say I am not surprised by this last service. I've made repeated recommendations for his to have a reliable backup and security. Nothing ever gets done.
Click to expand...

Sad to say but eventually that catches up to them. Took me months to finally get my client to upgrade to Windows 7. He finally got tired of the slow XP boxes and not being able to dictate in his office that he made the leap. Haven't looked back since. :D
 
You must log in or register to reply here.

Similar threads

Porthos
AgeLocker ransomware targets QNAP NAS devices, steals data
Replies
8
Views
1K
glennd
glennd
phaZed
Synology warns of malware infecting NAS devices with ransomware (Bruteforce)
Replies
1
Views
965
Sky-Knight
Sky-Knight
Porthos
New ransomware attacks target your NAS devices, backup storage
Replies
1
Views
790
ell
E
Porthos
Windows 10 Start Menu Suggests Firefox Users Switch to Edge
Replies
11
Views
1K
DRPCNZ
DRPCNZ
GTP
New Feature in Emsisoft
2
Replies
24
Views
2K
Archon Prime
Archon Prime
Back
Top