Crypto-Locker Virus
deafbykhorns
Well, this is how my day started....
Some idiot in our office disabled his AVG (an admin guy mind you) last week because his computer was running slow.
Clicked on a suspicious email at 8:20 yesterday morning which encrypted 30% of our office files. Luckily we had some group policy settings that didn't allow my department files to be destroyed.
This virus holds your files ransom starting at $500 for a key to unlock. Second option is to restore a backup which I had up on a cloud.
28 hours later, I'm just about done cleaning files.
Should I fire this employee???
Comments
-
Yes!
-
If the employee willfully disregarded security protocols, then yes. It's like when morons place copper piping in place of fuses, or tape breakers closed.
-
Tough question, does he actually work in IT? On my network any other users can't disable, or install anything.
-
What kind of **** was he looking at?
-
Don't fire, give him a warning.
-
use some steel-toed boots as you boot him through the door...
-
I think it depends on how he has been doing as an employee overall. If he has been a problem in other areas then let him go. If this is an isolated incident, and he is a good employee in general, then just give him a warning. Even brilliant people sometimes make mistakes.
-
To paraphrase Ron White, "You can cure ignorance, but you can't fix stupid"
Windows, unfortunately, defaults to Administrator when a single account is set up on a PC. I would set up limited user accounts for those who are common sense challenged. If you don't already use centrally managed Antivirus, such as Symantec Endpoint, you might want to look into it. You can lock it down.
-
When stuff like this happens don't you just think about how productive you could have been not dealing with something that was so avoidable??? Did the crypto virus come in an email that included a dropbox link? We saw this one late last week and inevitably someone clicked the link! Our proxy appliance blocked access to the website... thank goodness.
Crypto viruses are all the rage now - high risk!
-
BS...anti virus software has nothing to do with network speed....and this person is being paid well to be an IT admin?? Enough said!
-
Well, not network speed, but they can really slow down your PC. McAfee was the one we needed to get rid of after their "upgrade"; it slowed our once fast machine down to a trickle. It tried to do so much (checking pages or whatever) that we went to another well-known AVS; that alone was the difference. Took us almost 6mo to figure out. Once McAfee was uninstalled, it made a world of difference.
-
Yea...I get that...that McAfee wasn't worth squat since it was introduced.... -
JerryR1verz wrote: »When stuff like this happens don't you just think about how productive you could have been not dealing with something that was so avoidable??? Did the crypto virus come in an email that included a dropbox link? We saw this one late last week and inevitably someone clicked the link! Our proxy appliance blocked access to the website... thank goodness.
Crypto viruses are all the rage now - high risk!
Don't those proxy appliances require a lot of management? We only have 15 PCs in our organization...
I had group policies set up so it didn't hit all of our departments. Thank god for the "Cloud"!!
-
westmassguy wrote: »To paraphrase Ron White, "You can cure ignorance, but you can't fix stupid"
Windows, unfortunately, defaults to Administrator when a single account is set up on a PC. I would set up limited user accounts for those who are common sense challenged. If you don't already use centrally managed Antivirus, such as Symantec Endpoint, you might want to look into it. You can lock it down.
-
deafbykhorns wrote: »Windows 7 defaults to Standard user when set up in the server properly (just for new users) unless an old profile is copied. I did have a couple old XP machines that were set as admin users and were changed today. I do use a centrally managed AV but the "you can't fix stupid" took over when he disabled the program. Everyone now is on lock down and can't change or delete programs now without a password. Our managed AV has a setup to block emails out of country so I wonder if that would be another safety feature or do most these come in by proxy. I had one come in last week as well with a dropbox link.
-
The proxy appliance can be expensive, not really hard to manage. It filters out the obvious stuff you don't want employees to go to while they're supposed to be working. For us it helps give more access to some and limit access to others... also allows certain folks to get to predefined channels on youtube for work purposes and not get to everything else.
I was at a conference and heard a presenter from Symantec say that anti virus is only 30% effective. Security is a multi-layer approach including a/v, internet filter, patch management, AD security, malware detection, security awareness training, and on and on and on.
-
JerryR1verz wrote: »I was at a conference and heard a presenter from Symantec say that anti virus is only 30% effective. Security is a multi-layer approach including a/v, internet filter, patch management, AD security, malware detection, security awareness training, and on and on and on.
you forgot the most important one..COMMON SENSE. this mostly escapes most folks out there today.... -
Point taken. Many times we find ourselves trying to protect the users from themselves... their lack of common sense is at the core of it.
-
deafbykhorns wrote: »28 hours later, I'm just about done cleaning files.
Should I fire this employee???
shoot first and ask questions later !!!!!! Y does this employee have access to disable anything ? oo ok an admin .....wow