suplat.blogg.se

Shield crypto locker







The alert text from the FireEye, however, had a lot of gibberish in it, and since the computer didn't show any outward signs of infection at the time, it was assumed that the FE stopped it and that the issue was resolved.


The alert was nearly two weeks ago (in hindsight it was the act of the exploit trying to reach out). Although we have several layers of defense, we believe that the FireEye appliance is what actually prevented us from being fully compromised. We did get an alert from a FireEye appliance, and we believe the FireEye prevented the exploit from reaching out and getting an encryption key to encrypt the files. The 'Help' files were on all of these locations, as well as multiple locations on the user's computer. We checked the files on all network drives that were available to the user, and it looks like none were actually encrypted. I was curious if anyone has had any recent experience with this malware, and would like to offer any DOs or DON'Ts from their own experience in the cleanup. First of all, I would like to thank everyone for some excellent responses. We're currently in containment mode, and about to go into cleanup. We also found evidence of the files on the root of some of our network drives. AV detected it this morning, but it looks like it may have been on his system for nearly a week already. We had a customer who was hit by the Crypto Locker.







