
Most of the forensics I have been in, the executable came via email, from a server in Nigeria. Once the user clicks it, the malware quietly executes and starts its operation, which runs for a while. It's mostly phishing, as the initial attack vector.
On 2/10/15, christian kisutsa via skunkworks <skunkworks@lists.my.co.ke> wrote:
Is it possible to share how the two machines were infected?
On Mon, Feb 9, 2015 at 11:18 AM, geoffrey gitagia via skunkworks <skunkworks@lists.my.co.ke> wrote:
here is a sure way of doing it
http://www.computerworld.com/article/2485214/microsoft-windows/cryptolocker-...
On Mon, Feb 9, 2015 at 9:51 AM, geoffrey gitagia <ggitagia@gmail.com> wrote:
@Mark that's probably the best, but I was talking of being proactive and how not to get hit, but also remember some ransomware can lay in wait till it's activated (delayed attack)
https://forums.malwarebytes.org/index.php?/topic/134999-quick-qustions-about...
https://nakedsecurity.sophos.com/2013/11/04/cryptolocker-ransomeware-crooks-...
http://www.reddit.com/r/Malware/comments/2tgqp8/new_software_to_detect_encry...
On Mon, Feb 9, 2015 at 9:25 AM, Mark Kipyegon via skunkworks <skunkworks@lists.my.co.ke> wrote:
On 09/02/2015 08:35, geoffrey gitagia via skunkworks wrote:
Best way to deal with crypto ware ... pay the guy, decrypt, painfully back up each file and folder to a clean drive (this step makes sure you don't copy over the infecting file), format your drive, restore only important files from the backup drive ... Please note that not many antiviruses (if any) know how to deal with these.
This is bad advice IMO.
Automatic backups are fairly easy to set up and paying the ransom shouldn't even be considered.
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
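To make Mark's point about automatic backups concrete, here is an added example (not code from the thread or any of its posters) of the kind of versioned backup that actually helps against crypto ransomware: each run writes a new timestamped snapshot directory and hard-links files that have not changed since the previous snapshot (the same idea as rsync's --link-dest), so a file that later gets overwritten with ciphertext never replaces the earlier good copy. The directory names, the `demo()` scenario and its file contents are constructed for illustration.

```python
"""Versioned snapshot backup (added example).

Each call to snapshot_backup() creates dest_root/<label>/ containing a full
tree of src. Files identical to the previous snapshot are hard-linked to it
(no extra disk space); changed or new files are copied. Old snapshots are
never modified, so an encrypted file in today's snapshot leaves yesterday's
original intact.
"""
import filecmp
import os
import shutil
import tempfile
from pathlib import Path


def snapshot_backup(src: str, dest_root: str, label: str) -> Path:
    """Create snapshot dest_root/label from src. Labels must sort
    chronologically (e.g. ISO timestamps) so the newest previous snapshot
    can be found by name."""
    src_path = Path(src)
    root = Path(dest_root)
    root.mkdir(parents=True, exist_ok=True)
    previous = sorted(p for p in root.iterdir() if p.is_dir())
    prev = previous[-1] if previous else None
    snap = root / label
    if snap.exists():
        raise FileExistsError(f"snapshot {label} already exists")
    for dirpath, _dirnames, filenames in os.walk(src_path):
        rel = Path(dirpath).relative_to(src_path)
        (snap / rel).mkdir(parents=True, exist_ok=True)
        for name in filenames:
            source_file = Path(dirpath) / name
            target = snap / rel / name
            old = prev / rel / name if prev is not None else None
            if old is not None and old.is_file() and filecmp.cmp(source_file, old, shallow=False):
                # Unchanged since last snapshot: share the inode with the
                # previous copy instead of storing a second full copy.
                os.link(old, target)
            else:
                # New or changed: a fresh copy, so the previous snapshot's
                # inode is never touched.
                shutil.copy2(source_file, target)
    return snap


def read_snapshot_file(dest_root: str, label: str, rel_path: str) -> bytes:
    """Read one file out of a given snapshot."""
    return (Path(dest_root) / label / rel_path).read_bytes()


def demo() -> dict:
    """Constructed scenario: back up, then simulate ransomware overwriting a
    file, then back up again. Returns what each snapshot holds."""
    tmp = Path(tempfile.mkdtemp(prefix="snapdemo_"))
    src = tmp / "documents"
    src.mkdir()
    (src / "report.txt").write_bytes(b"quarterly figures")   # will be 'encrypted'
    (src / "notes.txt").write_bytes(b"unchanged notes")       # stays the same
    dest = tmp / "backups"

    snapshot_backup(str(src), str(dest), "2015-02-09T0900")
    # Simulated ransomware: the working copy is replaced with ciphertext.
    (src / "report.txt").write_bytes(b"ENCRYPTED-BLOB")
    snapshot_backup(str(src), str(dest), "2015-02-10T0900")

    return {
        "day1_report": read_snapshot_file(str(dest), "2015-02-09T0900", "report.txt"),
        "day2_report": read_snapshot_file(str(dest), "2015-02-10T0900", "report.txt"),
        "day2_notes": read_snapshot_file(str(dest), "2015-02-10T0900", "notes.txt"),
        # Same inode means the unchanged file was hard-linked, not duplicated.
        "notes_shared_inode": os.stat(dest / "2015-02-09T0900" / "notes.txt").st_ino
        == os.stat(dest / "2015-02-10T0900" / "notes.txt").st_ino,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The snapshot tree only helps if the infected machine cannot write to it: run this from the backup host pulling from the clients (or to a share the client can only append to), keep at least one copy offline, and restore from the snapshot dated before the infection after the machine has been rebuilt.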
-- GG
-- Gichuki John Ndirangu, C.E.H, C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com {FORUM}http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/