*.ppyjpoh file extension?


We are experiencing an issue where files on 2 file servers are ending up with a file extension of *.ppyjpoh. We have scanned with Symantec Endpoint 12 and Malwarebytes using the latest updates and nothing has been found. Google and forum searches do not find anything on that file extension. The weird part about it is that not all the files are getting renamed with this extension. No individual PCs have turned up with any cryptolocker messages or pop-ups. Any ideas?


Chances are the servers, or clients, are infected with a cryptographic trojan and the files that have .ppyjpoh appended to them have been encrypted.

If this is a Business and if this is a case of cryptovirology on file servers, one should not seek forum help but should seek professional help.

Well I am the IT professional, but doing the research has turned up nothing on that. My team and I are used to cleaning malware/viruses but this is different.


OK. Are we dealing with Network Shares for organizational data?

Are these files like: Budget 2014.XLSx.ppyjpo

Example:

[Image: xls_encrypted.png]

Yes, similar to that. We now are tracking down the PCs I am seeing unusual broadcast traffic from. It is strange since nobody is reporting any symptoms.


This is a major issue if this is a business, and seeking assistance in a forum is just not enough, especially at a Free Level.

It is one thing when an individual is hit with a crypto trojan; it is totally different when an organization is hit with a Crypto trojan and company data is at risk.

This is a simplistic overview and is NOT all encompassing and I strongly urge you to seek professional assistance.

1.  Based upon the File Share and Permissions, the share needs to be disabled and the culprit computers need to be taken offline and PREFERABLY wiped and reimaged.

2.  Delete all encrypted files.

3.  Restore all data that had been encrypted from the prior-time relative backup.

4.  Perform a corporate-wide security scan and check to make sure all computers are clean.

5.  Re-enable File Shares.

6.  Re-examine how email for personnel is performed and if personal email should be accessible.  This may include email rules excluding ZIP and RAR attachments from the POV of the Internet.

7.  Re-examine your anti malware implementation for such things as a layered approach, centralized management and Policy Implementation.

8.  Re-examine your Group Policy Object implementation.

9.  Retrain users and institute an annual Situational Awareness Training program.

What you do and how you go about it will depend on the size of the organization and your topology.

That is why I strongly suggest bringing in Professional Help.

This topic is now closed to further replies.
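
Added example, not part of the original thread or any poster's code: a read-only Python sketch for scoping steps 2 and 3 of the list above, which walks a share, finds files carrying the appended `.ppyjpoh` extension, and reports the change window and the original names to pull from backup. The function names and the use of modification time as an indicator of when a file was rewritten are assumptions made for this example.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

SUFFIX = ".ppyjpoh"  # the appended extension reported in this thread


def find_renamed(root, suffix=SUFFIX):
    """Return sorted (mtime, path, original_path) for files carrying the suffix."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(suffix.lower()):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:  # file vanished or access denied: skip, keep walking
                continue
            hits.append((mtime, path, path[: -len(suffix)]))
    return sorted(hits)


def summarize(hits):
    """Scope the damage: count, time window (UTC) and worst-hit folders."""
    if not hits:
        return None
    as_utc = lambda ts: datetime.fromtimestamp(ts, timezone.utc)
    return {
        "count": len(hits),
        # Assumption: mtime was set when the file was rewritten, so the
        # earliest value bounds which backup predates the damage.
        "first_change": as_utc(hits[0][0]),
        "last_change": as_utc(hits[-1][0]),
        "by_folder": Counter(os.path.dirname(p) for _, p, _ in hits).most_common(),
        # Names to pull from backup: no intact original sits beside the copy.
        "to_restore": [o for _, _, o in hits if not os.path.exists(o)],
    }


if __name__ == "__main__":
    report = summarize(find_renamed(sys.argv[1] if len(sys.argv) > 1 else "."))
    print(report or "no files with the suffix found")
```

Run it against a copy or a read-only mount of the share once the share has been disabled; it only reads metadata and deletes nothing.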