
hahahahaaa... @brian, the weirder the email/attachment, the more likely it is to be opened and forwarded... who can resist opening "cute_dog_dancing.avi" on a slow Friday afternoon...? Script runs over the weekend... Monday morning chaos, users mad at YOU because they can't access anything...

On Fri, Apr 1, 2016 at 12:17 PM, Brian Ngure via skunkworks <skunkworks@lists.my.co.ke> wrote:
Tell people not to be silly and open weird emails and attachments?
On Fri, Apr 1, 2016 at 12:13 PM, Martin Mugambi via skunkworks < skunkworks@lists.my.co.ke> wrote:
So how do we stop/prevent that Ransomware?
*From:* Kennedy Kairaria via skunkworks [mailto:skunkworks@lists.my.co.ke]
*Sent:* Friday, April 01, 2016 11:45 AM
*To:* Mark Kipyegon Koskei; Skunkworks Mailing List
*Subject:* Re: [Skunkworks] PayCript Ransomware
Mark, apparently that seems the case as it's a relatively new ransomware.
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 | kenkairaria@gmail.com
LinkedIn: http://www.linkedin.com/in/kairaria
http://kennedy-kairaria.branded.me/
Skype: kennedy.kairaria
On 1 April 2016 at 11:39, Mark Kipyegon Koskei via skunkworks < skunkworks@lists.my.co.ke> wrote:
Have you tried restoring from shadow copy?
Unless a decryption tool exists for that particular strain of ransomware, then you are SOL.
On 01/04/2016 11:22, skunkworks-request@lists.my.co.ke wrote:
On Fri, Apr 1, 2016 at 11:01 AM, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
By the time we noticed they were also affected. Incremental backups.
Regards,
*Kennedy Kairaria*
On 1 April 2016 at 10:58, Brian Ngure <brian@pixie.co.ke> wrote:
Backups?

On 1 Apr 2016 10:52 am, "Kennedy Kairaria via skunkworks" <skunkworks@lists.my.co.ke> wrote:
> Skunk(ette)s,
>
> We just got hit with the paycript ransom-ware on some of our file servers. We've managed to identify the domain accounts running the script and disabled them. Seems to have stopped spreading across the network to our other file servers (for now...48 hours and counting)
>
> Suspected source has also been identified and measures taken. What remains now is finding a way to decrypt the files. The damn fools are asking for 2BTC for them to decrypt and double the amount to charge by the day if not paid.
>
> Anyone else who has had to go through the same? What measures did you take to recover?
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Regards
Brian Ngure