
Cryptowall 3.0


Tex_Cin

Two of my workstations were hit with Cryptowall 3.0 this week. I've taken down the network and we're running all workstations independent of the network while trying to figure out how it got in. The two workstations affected were both running an Outlook (2013) add-in called Save as PDF by Sperry Software (we are a small firm with 80% of our communication done by email so we archive pdf copies of email instead of printing and saving the correspondence in our paper files). We believe the malware may have been delivered with an email containing a resume attachment that neither user opened. Both users had unopened copies of that email in their deleted folders. Is it possible the add-in activated the malware when it converted the email and the attachment to pdf? Here is a copy of the Sperry description of the add-in.

The add-in first converts the email to PDF, then takes each attachment and inserts that into the PDF as well. It works on Microsoft® Word® files (.doc and .docx), Microsoft Excel® files (.xls and .xlsx), Microsoft Powerpoint® files (.ppt and .pptx), plain text files (.txt), HTML files (.htm and .html), PDF files, image files (.tif, .jpg, .gif, .png, plus other image file formats) and even unpacks compressed zip files!

Fortunately even though this malware made it to the network through mapped drives, our backup system (I call it 3-2-1 and a spare) saved us from shutting down the business.

Any thoughts on this would be appreciated. I want to take whatever steps are necessary to prevent this from happening again.


Hi:

You wrote:
 

Two of my workstations were hit with Cryptowall 3.0 this week. I've taken down the network and we're running all workstations independent of the network while trying to figure out how it got in. <snip>
Fortunately even though this malware made it to the network through mapped drives, our backup system (I call it 3-2-1 and a spare) saved us from shutting down the business.


In addition to David H. Lipman's expert advice.... :)

 

I see that you have started a new post in the Malware Removal section HERE.

 

Your post suggests that the affected systems are in a business environment?

This forum (including the malware removal section) is targeted largely to home users with personal computers, and to cleaning one computer at a time.

 

As you have multiple business computers involved, you might wish to consider other support options.

These might include local, professional, on-site technical support, and/or logging a ticket with the Business Help Desk HERE.

 

Just a suggestion. :)

 

Thank you,
