Checking SPF records and enforcing DKIM should help curb the spread through mail too.

Regards,

Kennedy Kairaria 

Software project management, Applications development & Database Administrator

Mobile: (+254) 724 615232
LinkedIn 

http://kennedy-kairaria.gq

Contact me: Skype kennedy.kairaria

On 1 April 2016 at 12:46, MotoBaridi via skunkworks <skunkworks@lists.my.co.ke> wrote:
@Mark, in many places, user convenience is valued over system/data security, and sys admins have no say. Block Facebook during work hours, your boss will be breathing down your neck. Block downloading of .exe files, some C-level person will demand you unblock it, you know, so they can download and install FreeScreenSaver.

What's a guy to do?


--


On Fri, Apr 1, 2016 at 12:31 PM, Mark Kipyegon Koskei via skunkworks <skunkworks@lists.my.co.ke> wrote:
No sysadmin worth his salt should trust users with such a big
responsibility.

The challenge is to build a resilient system with backups, regular
updates and strict control over user rights.

On 01/04/2016 12:17, Brian Ngure wrote:
> Tell people not to be silly and open weird emails and attachments?
>
>
> On Fri, Apr 1, 2016 at 12:13 PM, Martin Mugambi via skunkworks
> <skunkworks@lists.my.co.ke <mailto:skunkworks@lists.my.co.ke>> wrote:
>
>     So how do we stop/prevent that ransomware?
>
>     *From:*Kennedy Kairaria via skunkworks
>     [mailto:skunkworks@lists.my.co.ke <mailto:skunkworks@lists.my.co.ke>]
>     *Sent:* Friday, April 01, 2016 11:45 AM
>     *To:* Mark Kipyegon Koskei; Skunkworks Mailing List
>     *Subject:* Re: [Skunkworks] PayCript Ransomware
>
>     Mark, apparently that seems the case as it's a relatively new
>     ransomware.
>
>     Regards,
>
>     *Kennedy Kairaria*
>
>     Mobile: (254) 724 615232
>     kenkairaria@gmail.com <mailto:kenkairaria@gmail.com>
>
>     LinkedIn <http://www.linkedin.com/in/kairaria>
>
>     http://kennedy-kairaria.gq <http://kennedy-kairaria.branded.me/>
>
>     Contact me: Skype kennedy.kairaria
>
>     On 1 April 2016 at 11:39, Mark Kipyegon Koskei via skunkworks
>     <skunkworks@lists.my.co.ke <mailto:skunkworks@lists.my.co.ke>>
>     wrote:
>
>     Have you tried restoring from shadow copy?
>
>     Unless a decryption tool exists for that particular strain of
>     ransomware, then you are SOL.
>
>     On 01/04/2016 11:22, skunkworks-request@lists.my.co.ke
>     <mailto:skunkworks-request@lists.my.co.ke> wrote:
>
>     >>
>     >> On Fri, Apr 1, 2016 at 11:01 AM, Kennedy Kairaria via skunkworks <
>     >> skunkworks@lists.my.co.ke <mailto:skunkworks@lists.my.co.ke>> wrote:
>     >>
>     >>> By the time we noticed they were also affected. Incremental backups.
>     >>>
>     >>> Regards,
>     >>>
>     >>> *Kennedy Kairaria*
>     >>>
>     >>> Mobile: (254) 724 615232
>     >>> kenkairaria@gmail.com <mailto:kenkairaria@gmail.com> |
>     >>> [image: LinkedIn] <http://www.linkedin.com/in/kairaria>
>     >>> http://kennedy-kairaria.gq <http://kennedy-kairaria.branded.me/>
>     >>> Contact me: [image: Skype] kennedy.kairaria
>     >>>
>     >>> On 1 April 2016 at 10:58, Brian Ngure <brian@pixie.co.ke
>     >>> <mailto:brian@pixie.co.ke>> wrote:
>     >>>
>     >>>> Backups?
>     >>>> On 1 Apr 2016 10:52 am, "Kennedy Kairaria via skunkworks" <
>     >>>> skunkworks@lists.my.co.ke <mailto:skunkworks@lists.my.co.ke>> wrote:
>     >>>>
>     >>>>> Skunk(ette)s,
>     >>>>>
>     >>>>> We just got hit with the paycript ransom-ware on some of our file
>     >>>>> servers. We've managed to identify the domain accounts running
>     >>>>> the script and disabled them. Seems to have stopped spreading
>     >>>>> across the network to our other file servers (for now... 48 hours
>     >>>>> and counting).
>     >>>>>
>     >>>>> Suspected source has also been identified and measures taken. What
>     >>>>> remains now is finding a way to decrypt the files. The damn fools
>     >>>>> are asking for 2BTC for them to decrypt and double the amount to
>     >>>>> charge by the day if not paid.
>     >>>>>
>     >>>>> Anyone else who has had to go through the same? What measures did
>     >>>>> you take to recover?


_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke

