Definitely interested. - Sean
> On Jun 2, 2015, at 6:08 AM, James Rankin <[email protected]> wrote:
>
> What you need is FSLogix Java Rules Manager, only allow the vulnerable Java version to be seen when a specific URL is visited, otherwise – it’s invisible to the user and OS, and the latest version is used.
>
> I’m writing an article up on this today, if anyone’s interested in Java version management (on a sysadmin list, who isn’t?)
>
> J
>
>
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Heaton, Joseph@Wildlife
> Sent: 02 June 2015 14:51
> To: '[email protected]'
> Subject: RE: [NTSysADM] Cryptlocker
>
> Update Java? That’s just crazy talk. We’re still at 7u51, with no roadmap in place to go any higher. Not my choice, btw, it is development issues with Oracle.
>
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Ed Ziots
> Sent: Saturday, May 30, 2015 10:48 AM
> To: [email protected]
> Subject: RE: [NTSysADM] Cryptlocker
>
> Nice strategy
>
> Ed
>
> On May 29, 2015 9:31 AM, "Robert Strong" <[email protected]> wrote:
> Ensure you have the latest patches installed for Java and Flash. Exploit kits like Angler, Nuclear and Magnitude are starting to distribute Ransomware more frequently via drive-by download attacks and malicious advertisements on common websites.
>
> We’ve had several ransomware incidents in the last few months all due to unpatched systems. Host based detection is limited at best, but one thing I have noticed in all incidents seen is that the malware typically uses hxxp://ipinfo.io/ip to determine its public facing IP address.
>
> We have created correlation rules that detect users going to this domain via our McAfee ESM SIEM, we then have an alarm that fires when that correlation rule is seen and we can automatically apply an ePO tag to enforce a policy that severely ‘disables’ the system (no R/W to network shares, restricted HTTP/HTTPS going out). Our alarm also e-mails out some key characteristics about the infected machine for easy identification by our IT Service Desk team.
>
> Ransomware isn’t going away and it’s going to get worse. We’ve been able to detect these IoCs and have the issue remediated in under 7 minutes.
>
> Cheers,
>
> Rob Strong
> Information Security Specialist
> Equitable Life of Canada
>
>
> From: [email protected] [mailto:[email protected]]
> On Behalf Of David McSpadden
> Sent: Thursday, May 28, 2015 7:17 PM
> To: <[email protected]>
> Subject: Re: [NTSysADM] Cryptlocker
>
> That's mine today.
> What variant was yours?
>
> Sent from my iPhone
>
> On May 28, 2015, at 7:14 PM, Heaton, Joseph@Wildlife <[email protected]> wrote:
>
> We had that the other day. The files are getting encrypted, but the extensions are not getting changed.
>
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Jonathan Link
> Sent: Thursday, May 28, 2015 8:37 AM
> To: [email protected]
> Subject: Re: [NTSysADM] Cryptlocker
>
> The text files created should indicate the affected user with the Owner attribute, no?
>
>
> On Thu, May 28, 2015 at 11:30 AM, David McSpadden <[email protected]> wrote:
> I am pretty sure I have a PC with this on it in my network.
> I have run scans on workstations.
> I still do not see it but I have the tell-tale signs.
> The HELP_DECRYPT files in network folders.
> The Word and Excel files not being able to be opened etc.
> How do I remove something that Trend is not seeing?
> Nor Windows Endpoint protection?
>
>
> David McSpadden
> Systems Administrator
> Indiana Members Credit Union
> P: 317.554.8190 | F: 317.554.8106
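The detection Rob Strong describes (alarm on any host fetching hxxp://ipinfo.io/ip, then quarantine it) and Jonathan Link's Owner-attribute triage, as an added example that is not part of the original thread and is not McAfee ESM or ePO rule syntax. It is a generic Python stand-in: the proxy log format, the field names, the sample log lines and the share listing are all constructed assumptions, and the "quarantine-tag" action is just a label for whatever enforcement the SIEM would trigger.

```python
"""Stand-in for a SIEM correlation rule plus a share-triage helper.

Constructed example: the proxy log format below is hypothetical, not any
vendor's format. The indicator (ipinfo.io/ip) is the one reported in the
thread as the public-IP lookup the ransomware performs.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Indicator from the thread. Matching on hostname + path (rather than the
# literal URL string) also catches the https variant and mixed case.
IOC_HOSTS = {"ipinfo.io"}
IOC_PATHS = {"/ip"}

# Hypothetical proxy log line:
# <ISO timestamp> <client_ip> <domain\user> <method> <url> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<user>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one proxy log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_ioc_request(url: str) -> bool:
    """True when the request targets the public-IP lookup named in the thread."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return host in IOC_HOSTS and (parts.path or "/") in IOC_PATHS


def correlate(lines: List[str]) -> List[dict]:
    """Emit one alarm per client host that hit the indicator.

    The alarm carries the 'key characteristics' a service desk needs to find
    the box: client IP, the user seen on it, first-seen time and hit count.
    """
    alarms: Dict[str, dict] = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_ioc_request(rec["url"]):
            continue
        alarm = alarms.setdefault(rec["client"], {
            "client": rec["client"],
            "user": rec["user"],
            "first_seen": rec["ts"],
            "hits": 0,
            "action": "quarantine-tag",  # placeholder for the enforcement step
        })
        alarm["hits"] += 1
    return list(alarms.values())


def ransom_note_owners(entries: List[dict]) -> List[Tuple[str, int]]:
    """Count HELP_DECRYPT notes on a share per file Owner.

    Each entry is {"path": ..., "owner": ...} as a directory listing with
    ACL owner would give. The account that owns most of the notes is the
    session that wrote them, which points at the infected workstation.
    """
    counts: Counter = Counter()
    for e in entries:
        basename = re.split(r"[\\/]", e["path"])[-1]
        if basename.upper().startswith("HELP_DECRYPT"):
            counts[e["owner"]] += 1
    return counts.most_common()


# Constructed sample input (not real traffic).
SAMPLE_PROXY_LOG = [
    "2015-05-28T11:02:13 10.20.30.41 CORP\\jdoe GET http://www.example.com/news 200",
    "2015-05-28T11:02:40 10.20.30.41 CORP\\jdoe GET http://ipinfo.io/ip 200",
    "2015-05-28T11:02:41 10.20.30.41 CORP\\jdoe GET http://ipinfo.io/ip 200",
    "2015-05-28T11:03:05 10.20.30.77 CORP\\asmith GET http://ipinfo.io/json 200",
    "2015-05-28T11:03:09 10.20.30.90 CORP\\bjones GET https://IPINFO.IO/ip 200",
    "this line is deliberately malformed and must be skipped",
]

SAMPLE_SHARE_FILES = [
    {"path": r"\\fs01\finance\Q2\HELP_DECRYPT.TXT", "owner": r"CORP\jdoe"},
    {"path": r"\\fs01\finance\Q2\HELP_DECRYPT.HTML", "owner": r"CORP\jdoe"},
    {"path": r"\\fs01\finance\Q2\budget.xlsx", "owner": r"CORP\asmith"},
    {"path": r"\\fs01\hr\HELP_DECRYPT.PNG", "owner": r"CORP\jdoe"},
    {"path": r"\\fs01\hr\notes.txt", "owner": r"CORP\hradmin"},
]

if __name__ == "__main__":
    for a in correlate(SAMPLE_PROXY_LOG):
        print("ALARM", a)
    print("note owners:", ransom_note_owners(SAMPLE_SHARE_FILES))
```

Two design points worth noting. The rule keys on the exact `/ip` path reported in the thread, so the `/json` request in the sample does not fire; whether to widen it to the whole host is a trade-off between catching variants and alerting on staff who legitimately look up their public IP. And because the thread's response is to cut the host off from shares automatically, the alarm record keeps the user and first-seen time so the service desk can confirm quickly before the quarantine does more harm than good on a false positive.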
