
I have installed this AntiRansomware tool from Bitdefender ... https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-r... Not sure whether it is any good or it's just giving a false sense of security.

On Fri, Apr 1, 2016 at 3:06 PM, Joseph M Owino via skunkworks <skunkworks@lists.my.co.ke> wrote:
In my honest opinion securing your mail server to prevent these kinds of attachments is at least 90% efficient. Many people focus on the network security and because there is no BYOD policy, people are accessing company resources on phones, iPads and home laptops which you have no control of. At the end of the day security has to be a top-down approach; you can't just have a firewall and sail into the sunset.
*From:* Catherine Njoroge via skunkworks [mailto:skunkworks@lists.my.co.ke]
*Sent:* 01 April 2016 13:29
*To:* francis irungu <francisirungu@gmail.com>; Skunkworks Mailing List <skunkworks@lists.my.co.ke>
*Subject:* Re: [Skunkworks] PayCript Ransomware
https://www.linkedin.com/pulse/ransom-ware-real-prepared-francis-irungu?trk=...
Kind Regards,
Catherine Njoroge
On Fri, Apr 1, 2016 at 1:12 PM, francis irungu via skunkworks < skunkworks@lists.my.co.ke> wrote:
Implementing a solution like Check Point SandBlast for your NGFW can be of help. Comes with big $$.
On Fri, Apr 1, 2016 at 12:44 PM, Alex Gitahi via skunkworks < skunkworks@lists.my.co.ke> wrote:
Key issue is not user rights, but there'll be one user who will, out of curiosity, open spam email attachments, and this will be the start of your system attack.
*Kind Regards,*
*Alex.K.Gitahi.*
On Fri, Apr 1, 2016 at 12:31 PM, Mark Kipyegon Koskei via skunkworks < skunkworks@lists.my.co.ke> wrote:
No sysadmin worth his salt should trust users with such a big responsibility.
The challenge is to build a resilient system with backups, regular updates and strict control over user rights.
On 01/04/2016 12:17, Brian Ngure wrote:
Tell people not to be silly and open weird emails and attachments?
On Fri, Apr 1, 2016 at 12:13 PM, Martin Mugambi via skunkworks <skunkworks@lists.my.co.ke> wrote:
So how do we stop/prevent that ransomware?

*From:* Kennedy Kairaria via skunkworks [mailto:skunkworks@lists.my.co.ke]
*Sent:* Friday, April 01, 2016 11:45 AM
*To:* Mark Kipyegon Koskei; Skunkworks Mailing List
*Subject:* Re: [Skunkworks] PayCript Ransomware
Mark, apparently that seems the case as it's a relatively new ransomware.

Regards,

*Kennedy Kairaria*
Mobile: (254) 724 615232
kenkairaria@gmail.com |
LinkedIn <http://www.linkedin.com/in/kairaria>
http://kennedy-kairaria.branded.me/
Contact me: Skype kennedy.kairaria

On 1 April 2016 at 11:39, Mark Kipyegon Koskei via skunkworks <skunkworks@lists.my.co.ke> wrote:
Have you tried restoring from shadow copy?
Unless a decryption tool exists for that particular strain of ransomware, then you are SOL.
On 01/04/2016 11:22, skunkworks-request@lists.my.co.ke wrote:
>> On Fri, Apr 1, 2016 at 11:01 AM, Kennedy Kairaria via skunkworks <skunkworks@lists.my.co.ke> wrote:
>>
>>> By the time we noticed they were also affected. Incremental backups.
>>>
>>> Regards,
>>>
>>> *Kennedy Kairaria*
>>>
>>> Mobile: (254) 724 615232
>>> kenkairaria@gmail.com |
>>> LinkedIn <http://www.linkedin.com/in/kairaria>
>>> http://kennedy-kairaria.branded.me/
>>> Contact me: Skype kennedy.kairaria
>>>
>>> On 1 April 2016 at 10:58, Brian Ngure <brian@pixie.co.ke> wrote:
>>>
>>>> Backups?
>>>> On 1 Apr 2016 10:52 am, "Kennedy Kairaria via skunkworks" <skunkworks@lists.my.co.ke> wrote:
>>>>
>>>>> Skunk(ette)s,
>>>>>
>>>>> We just got hit with the paycript ransom-ware on some of our file
>>>>> servers. We've managed to identify the domain accounts running the script and
>>>>> disabled them. Seems to have stopped spreading across the network to our
>>>>> other file servers (for now...48 hours and counting)
>>>>>
>>>>> Suspected source has also been identified and measures taken. What
>>>>> remains now is finding a way to decrypt the files. The damn fools are
>>>>> asking for 2BTC for them to decrypt and double the amount to charge by the
>>>>> day if not paid.
>>>>>
>>>>> Anyone else who has had to go through the same? What measures did you
>>>>> take to recover?
_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke
--
Francis Irungu,
--
Best Regards
Jimmy Thuo