Implementing a solution like Checkpoint Sandblast for your NGFW can be of help. comes with big $$.


On Fri, Apr 1, 2016 at 12:44 PM, Alex Gitahi via skunkworks <skunkworks@lists.my.co.ke> wrote:
key issue is not user rights but there'll be one user who will out of curiosity open spam email attachments and this will be the start of your system attack.

Kind Regards,

Alex.K.Gitahi.


On Fri, Apr 1, 2016 at 12:31 PM, Mark Kipyegon Koskei via skunkworks <skunkworks@lists.my.co.ke> wrote:
No sysadmin worth his salt should trust users with such a big
responsibility.

The challenge is to build a resilient system with backups, regular
updates and strict control over user rights.

On 01/04/2016 12:17, Brian Ngure wrote:
> Tell people not to be silly and open weird emails and attachments?
>
>
> On Fri, Apr 1, 2016 at 12:13 PM, Martin Mugambi via skunkworks
> <skunkworks@lists.my.co.ke <mailto:skunkworks@lists.my.co.ke>> wrote:
>
>     So How do we stop/prevent that Ransomware? ____
>
>     __ __
>
>     *From:*Kennedy Kairaria via skunkworks
>     [mailto:skunkworks@lists.my.co.ke <mailto:skunkworks@lists.my.co.ke>]
>     *Sent:* Friday, April 01, 2016 11:45 AM
>     *To:* Mark Kipyegon Koskei; Skunkworks Mailing List
>     *Subject:* Re: [Skunkworks] PayCript Ransomware____
>
>     __ __
>
>     Mark, apparently that seems the case as its a relatively new
>     ransomware.____
>
>
>     ____
>
>     Regards,____
>
>     __ __
>
>     *Kennedy Kairaria*____
>
>     Mobile: (254) 724 615232
>     _kenkairaria@gmail.com <mailto:kenkairaria@gmail.com>_ |____
>
>     LinkedIn <http://www.linkedin.com/in/kairaria> ____
>
>     http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q____
>
>     Contact me: Skype kennedy.kairaria____
>
>     __ __
>
>     On 1 April 2016 at 11:39, Mark Kipyegon Koskei via skunkworks
>     <skunkworks@lists.my.co.ke <mailto:skunkworks@lists.my.co.ke>>
>     wrote:____
>
>     Have you tried restoring from shadow copy?
>
>     Unless a decryption tool exists for that particular strain of
>     ransomware, then you are SOL.
>
>     On 01/04/2016 11:22, skunkworks-request@lists.my.co.ke
>     <mailto:skunkworks-request@lists.my.co.ke> wrote:
>
>     >>
>     >> On Fri, Apr 1, 2016 at 11:01 AM, Kennedy Kairaria via skunkworks <
>     >> skunkworks@lists.my.co.ke <mailto:skunkworks@lists.my.co.ke>> wrote:
>     >>
>     >>> By the time we noticed they were also affected. Incremental backups.
>     >>>
>     >>> Regards,
>     >>>
>     >>> *Kennedy Kairaria*
>     >>>
>     >>> Mobile: (254) 724 615232
>     >>> kenkairaria@gmail.com <mailto:kenkairaria@gmail.com> |
>     >>> [image: LinkedIn] <http://www.linkedin.com/in/kairaria>
>     >>> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q____
>
>     >>> Contact me: [image: Skype] kennedy.kairaria
>     >>>
>     >>> On 1 April 2016 at 10:58, Brian Ngure <brian@pixie.co.ke
>     <mailto:brian@pixie.co.ke>> wrote:
>     >>>
>     >>>> Backups?
>     >>>> On 1 Apr 2016 10:52 am, "Kennedy Kairaria via skunkworks" <
>     >>>> skunkworks@lists.my.co.ke <mailto:skunkworks@lists.my.co.ke>>
>     wrote:
>     >>>>
>     >>>>> Skunk(ette)s,
>     >>>>>
>     >>>>> We just got hit with the paycript  ransom-ware on some of our file
>     >>>>> servers we've managed t identify the domain accounts running
>     the script and
>     >>>>> disabled them. Seems to have stopped spreading across the
>     network to our
>     >>>>> other file servers(for now...48 hours and counting)
>     >>>>>
>     >>>>> Suspected source has also been identified and measures taken. What
>     >>>>> remains now is finding a way to decrypt the files. The damn
>     fools are
>     >>>>> asking for 2BTC for them to decrypt and double the amount to
>     charge by the
>     >>>>> day if not paid.
>     >>>>>
>     >>>>> Anyone else who has had to go through the same? What measures
>     did you
>     >>>>> take to recover?
>     >>>>>____
>


_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke


_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke



--
Francis Irungu,