So presumably the best thing to do is to ask staff not to open personal email on work machines, is that correct?
I couldn't do my job if I couldn't open attached emails, but if I do, several on here would call me stupid.
So presumably the best thing to do is to ask staff not to open personal email on work machines, is that correct?
Yes. That is exactly how 4 of our desktops were infected (and had to be wiped). They were switched on at the time of the infection. No one was using them as it was late at night, but they got hit... big time.
The most recent version of Locky goes looking for any shares on a LAN and will encrypt on unmapped shares.
If anything, the malware which renames files in some (e.g. Locky or Tesla) makes spotting them easier. The earlier versions which left the file names untouched might send you looking at a few corrupt Office documents until the penny dropped. Now once you see .locky files, you know it's time to start restoring...
On a Windows file server, you can configure File Server Resource Manager to deny writing of certain file extensions (with e-mail alerts), e.g.
http://olivermarshall.net/using-file-screening-to-help-block-cryptolocker/
If people are routinely (as part of their main job) opening attachments, etc. from anywhere then it might be worth looking into setting up a sandboxed/virtual machine environment that is isolated from the rest of the LAN as much as possible.
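The File Server Resource Manager file screen suggested above can be set up from PowerShell. This is an added example, not part of any post in the thread or of the linked article; the share path, SMTP host and mail addresses are placeholder assumptions, and the two patterns are the extensions named in this thread.

```powershell
#Requires -RunAsAdministrator
# Added example: active FSRM file screen that denies writes of ransomware-renamed
# files and raises an e-mail plus an event-log alert.
# Assumed values (not from the thread): $SharePath, SMTP host, mail addresses.
Import-Module FileServerResourceManager

$SharePath = 'D:\Shares'               # assumption: root folder of the shared data
$AdminMail = 'it-alerts@example.com'   # placeholder address
$GroupName = 'Ransomware extensions'   # hypothetical file group name

# FSRM needs SMTP settings before it can send e-mail notifications.
Set-FsrmSetting -SmtpServer 'smtp.example.com' `
                -AdminEmailAddress $AdminMail `
                -FromEmailAddress 'fsrm@example.com'

# Extensions mentioned in the thread; extend the list as new ones are reported.
$Patterns = @('*.locky', '*.coverton')

# Create the file group, or update it if the script is re-run.
if (Get-FsrmFileGroup -Name $GroupName -ErrorAction SilentlyContinue) {
    Set-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns
} else {
    New-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns
}

# [..] tokens are FSRM notification variables expanded at alert time.
$Body  = 'User [Source Io Owner] tried to write [Source File Path] under ' +
         '[File Screen Path] on [Server]; it matches "[Violated File Group]".'
$Mail  = New-FsrmAction -Type Email -MailTo $AdminMail `
                        -Subject 'Blocked file write on [Server]' -Body $Body
$Event = New-FsrmAction -Type Event -EventType Warning -Body $Body

# -Active makes the screen deny the write; without it FSRM only notifies.
if (Get-FsrmFileScreen -Path $SharePath -ErrorAction SilentlyContinue) {
    Set-FsrmFileScreen -Path $SharePath -IncludeGroup $GroupName `
                       -Notification $Mail, $Event -Active
} else {
    New-FsrmFileScreen -Path $SharePath -IncludeGroup $GroupName `
                       -Notification $Mail, $Event -Active
}

# Show the resulting screen so the settings can be checked.
Get-FsrmFileScreen -Path $SharePath | Format-List Path, Active, IncludeGroup
```

A file screen matches on file name only, so it does nothing against the earlier variants mentioned above that left file names untouched; treat the alert as an early warning to isolate the writing machine, not as the only control.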
So, last Wednesday evening someone (we think from the accounts dept) opened an email with a PDF in and unwittingly launched the cryptolocker .coverton virus.
Spanning or Backupify offer a cloud based backup solution for Google.
Hoping Veeam will do its thing if/when called upon.
My password is fairly complex and no combination of the username and password is used for any online sites. Is there a way in through RDP without knowing the username and password, or was the hacker able to generate the password without me noticing?
( |-| |2 ][ $ said: So in a hypothetical situation of a PC plugged into an infected LAN and with a drive mapped to an infected machine, but without any programs actively using that share and without a user running anything from that share, could said PC get infected?