CryptoWall attack
This topic contains 3 replies, has 4 voices, and was last updated by 
omrizarko 3 years, 11 months ago.
-
Posts
-
dear all .
in our network there is a cryptowall attack i believe ..when we try to open the files it locked and asking money to open the lock ..please give me solution to get rid off from this issue…
thanks
That would presumably be CryptoLOCKER?
a) Pay (but refer to Mr Kipling’s views on Danegeld first)
or
b) Disconnect from internet, run many AV scans to remove the infection (keep machines isolated while disinfecting to prevent re-infection) then restore from backupWe use SonicWALL with their Gateway Anti-Virus and Geo-IP filter as preventative measures. In addition to anti-virus programs, we utilize these two to block the Crypto-Wall and Crypto-Locker viruses from infecting us and by blocking the IP of foreign countries where the command and control servers generally live (we block everything but the US and a handful of “safe” countries), we prevent the virus from establishing a connection to the C&C servers to generate their key without which they can’t begin encryption. We then use software like Malwarebytes to remove the infection. It’s not perfect, but it helps.
Take all your computers off the network. Remove and resolve the infection on each computer using your antivirus and malware recovery tools.
Restore all your data from backup.I’m assuming you have backups.
You have backups, right?
You must be logged in to reply to this topic.