
I have a customer that was hit by both Cryptowall 3 and TeslaCrypt ransomware on 2 separate PCs while running Malwarebytes Premium and Malwarebytes Anti-Exploit Premium on all the PCs on the network. Neither of these strains is new, so how was the infection possible? My concern is that I have a large number of customers running this combination (Malwarebytes Premium & Anti-Exploit Premium) that I have regarded as safe from this type of infection. These customers also run various paid-for anti-virus programs.

Is there something I'm missing or should they be safe?

Thanks all, I look forward to your thoughts.


Hello:

Welcome. :)

In addition to the advice from @pondus, your post suggests that you are a Business customer running MBAM and MBAE in a Business environment.

As such, your Business licensing entitles you to free support for malware removal and other technical issues at the Business Help Desk.

You may wish to log a ticket with them >>HERE<<.

They will assist you with looking into your issues.

Thank you,


Things you should be aware of regarding "crypto" encrypting ransomware:

If the infected computer is on a network, physically disconnect it from the network.

Unfortunately, there's little that can be done to restore damaged documents in most cases, but sometimes you can use the "Previous Versions" tab on a file's properties to regain access to the encrypted file.

Using a tool called Shadow Explorer can also help, but in many cases, neither of these will work.

However, most variants of this ransomware also erase shadow copies.

You can read about this here:

http://www.bleepingcomputer.com/news/security/cryptowall-4-0-released-with-new-features-such-as-encrypted-file-names/

http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

TeslaCrypt and Alpha Crypt Ransomware Information Guide and FAQ

TorrentLocker (fake CryptoLocker) Ransomware Information Guide and FAQ

Malwarebytes detects variants of this infection. However, no security application can detect and remove all threats; it's a statistical impossibility.

Security vendors across the board will miss this as new variants are created to avoid detection.

The ransomware relies mostly on user execution via opening an attachment from an unknown email source.

Outdated app utilities on user machines also play a factor in allowing exploit kits to come in and do damage.

The programs that are typically exploited include Java, Adobe Flash, Acrobat Reader, and Windows vulnerabilities.

There's no known tool to fix any corrupted documents at this time.

Malwarebytes Anti-Malware can remove the infection but can't cure or resurrect the corrupted/encrypted documents & files.

The safest thing for the long term is to wipe / erase the system and restore Windows from scratch or from a known clean system image backup.
