Cryptowall 3.0

[Tex_Cin]

Two of my workstations were hit with Cryptowall 3.0 this week. I've taken down the network and we're running all workstations independent of the network while trying to figure out how it got in. The two workstations affected were both running an Outlook (2013) add-in called Save as PDF by Sperry Software (we are a small firm with 80% of our communication done by email so we archive pdf copies of email instead of printing and saving the correspondence in our paper files). We believe the malware may have been delivered with an email containing a resume attachment that neither user opened. Both users had unopened copies of that email in their delected folders. Is it possible the add-in activated the malware when it converted the email and the attachment to pdf? Here is a copy of the Sperry description of the add-in.

The add-in first converts the email to PDF, then takes each attachment and inserts that into the PDF as well. It works on Microsoft® Word® files (.doc and .docx), Microsoft Excel® files (.xls and .xlsx), Microsoft Powerpoint® files (.ppt and .pptx), plain text files (.txt), HTML files (.htm and .html), PDF files, image files (.tif, .jpg, .gif, .png, plus other image file formats) and even unpacks compressed zip files!

Fortunately even though this malware made it to the network through mapped drives, our backup system (I call it 3-2-1 and a spare) saved us from shutting down the business.

Any thoughts on this would be appreciated. I want to take whatever steps are necessary to prevent this from happening again.

[David H. Lipman]

General PC Help

 

Post your Windows, Hardware, Networking, and Software questions here. Questions regarding malware should be posted in Malware Removal Help.

 
Here is the;  Malware Removal Help sub-forum.

[daledoc1]

Hi:

You wrote:
 

Two of my workstations were hit with Cryptowall 3.0 this week. I've taken down the network and we're running all workstations independent of the network while trying to figure out how it got in. <snip>
Fortunately even though this malware made it to the network through mapped drives, our backup system (I call it 3-2-1 and a spare) saved us from shutting down the business.

In addition to David H. Lipman's expert advice....

 

I see that you have started a new post in the Malware Removal section HERE.

 

Your post suggests that the affected systems are in a business environment?

This forum (including the malware removal section) is targeted largely to home users with personal computers, and to cleaning one computer at a time.

 

As you have multiple business computers involved, you might wish to consider other support options.

These might include local, professional, on-site technical support, and/or logging a ticket with the Business Help Desk HERE.

 

Just a suggestion.

 

Thank you,