England and the US, two peoples separated by a common language.

On Tue, Jun 2, 2015 at 4:08 PM, Webster <[email protected]> wrote:
> When I spoke at Briforum London a couple of years ago, I had to run some
> of my session remarks by James. I am glad I did as some of the things we
> say in American English can be very offensive and very non PC in England.
> Plus, James had to school me on British slang.
>
> If you ever meet James, make sure you have your listening ears on. But you
> still may not be able to understand a word he says even though he
> supposedly speaks “English”. :)
>
> Thanks
>
> Webster
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Kennedy, Jim
> *Sent:* Tuesday, June 02, 2015 2:59 PM
> *To:* [email protected]
> *Subject:* RE: [NTSysADM] Cryptlocker
>
> Done. I had to look up pants.
>
> *From:* [email protected] [mailto:[email protected] <[email protected]>] *On Behalf Of* Rankin, James R
> *Sent:* Tuesday, June 2, 2015 3:52 PM
> *To:* [email protected]
> *Subject:* Re: [NTSysADM] Cryptlocker
>
> Knock yourself out, I'm short on blog visitors since doing BriForum (and
> yes, you'd be pants if you didn't)
>
> -------
>
> James Rankin | Director | TaloSys | 07809668579
> Sent from my Blackberry
> ------------------------------
>
> *From:* "Kennedy, Jim" <[email protected]>
> *Sender:* "[email protected]" <[email protected]>
> *Date:* Tue, 2 Jun 2015 20:06:40 +0100
> *To:* '[email protected]' <[email protected]>
> *ReplyTo:* "[email protected]" <[email protected]>
> *Subject:* RE: [NTSysADM] Cryptlocker
>
> Mind if I tweet this out?
>
> *From:* [email protected] [mailto:[email protected] <[email protected]>] *On Behalf Of* James Rankin
> *Sent:* Tuesday, June 2, 2015 2:35 PM
> *To:* [email protected]
> *Subject:* RE: [NTSysADM] Cryptlocker
>
> OK, quick and dirty run-down, but I’m sure you can all get the gist of it
> (hopefully!)
>
> http://appsensebigot.blogspot.co.uk/2015/06/fslogix-first-look-1-managing-legacy-or.html
>
> *From:* [email protected] [mailto:[email protected] <[email protected]>] *On Behalf Of* Kurt Buff
> *Sent:* 02 June 2015 17:38
> *To:* ntsysadm
> *Subject:* Re: [NTSysADM] Cryptlocker
>
> Yes, please put up the link here when done.
>
> Kurt
>
> On Tue, Jun 2, 2015 at 8:43 AM, James Rankin <[email protected]> wrote:
>
> I shall endeavour to finish this as soon as possible then!
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Maglinger, Paul
> *Sent:* 02 June 2015 16:12
> *To:* '[email protected]'
> *Subject:* RE: [NTSysADM] Cryptlocker
>
> Me too!
>
> -Paul
>
> *From:* [email protected] [mailto:[email protected] <[email protected]>] *On Behalf Of* Sean Martin
> *Sent:* Tuesday, June 02, 2015 10:07 AM
> *To:* [email protected]
> *Subject:* Re: [NTSysADM] Cryptlocker
>
> Definitely interested.
>
> - Sean
>
> On Jun 2, 2015, at 6:08 AM, James Rankin <[email protected]> wrote:
>
> What you need is FSLogix Java Rules Manager, only allow the vulnerable
> Java version to be seen when a specific URL is visited, otherwise – it’s
> invisible to the user and OS, and the latest version is used.
>
> I’m writing an article up on this today, if anyone’s interested in Java
> version management (on a sysadmin list, who isn’t?)
>
> J
>
> *From:* [email protected] [mailto:[email protected] <[email protected]>] *On Behalf Of* Heaton, Joseph@Wildlife
> *Sent:* 02 June 2015 14:51
> *To:* '[email protected]'
> *Subject:* RE: [NTSysADM] Cryptlocker
>
> Update Java? That’s just crazy talk. We’re still at 7u51, with no
> roadmap in place to go any higher. Not my choice, btw, it is development
> issues with Oracle.
>
> *From:* [email protected] [mailto:[email protected] <[email protected]>] *On Behalf Of* Ed Ziots
> *Sent:* Saturday, May 30, 2015 10:48 AM
> *To:* [email protected]
> *Subject:* RE: [NTSysADM] Cryptlocker
>
> Nice strategy
>
> Ed
>
> On May 29, 2015 9:31 AM, "Robert Strong" <[email protected]> wrote:
>
> Ensure you have the latest patches installed for Java and Flash. Exploit
> kits like Angler, Nuclear and Magnitude are starting to distribute
> Ransomware more frequently via drive-by download attacks and malicious
> advertisements on common websites.
>
> We’ve had several ransomware incidents in the last few months all due to
> unpatched systems. Host based detection is limited at best, but one thing I
> have noticed in all incidents seen is that the malware typically uses
> hxxp://ipinfo.io/ip to determine its public facing IP address.
>
> We have created correlation rules that detect users going to this domain
> via our McAfee ESM SIEM, we then have an alarm that fires when that
> correlation rule is seen and we can automatically apply an ePO tag to
> enforce a policy that severely ‘disables’ the system (no R/W to network
> shares, restricted HTTP/HTTPS going out). Our alarm also e-mails out some
> key characteristics about the infected machine for easy identification by
> our IT Service Desk team.
>
> Ransomware isn’t going away and it’s going to get worse. We’ve been able
> to detect these IoC’s and have the issue remediated in under 7 minutes.
>
> Cheers,
>
> *Rob Strong*
> *Information Security Specialist*
> Equitable Life of Canada
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* David McSpadden
> *Sent:* Thursday, May 28, 2015 7:17 PM
> *To:* <[email protected]>
> *Subject:* Re: [NTSysADM] Cryptlocker
>
> That's mine today.
>
> What variant was yours?
>
> Sent from my iPhone
>
> On May 28, 2015, at 7:14 PM, Heaton, Joseph@Wildlife <[email protected]> wrote:
>
> We had that the other day. The files are getting encrypted, but the
> extensions are not getting changed.
>
> *From:* [email protected] [mailto:[email protected] <[email protected]>] *On Behalf Of* Jonathan Link
> *Sent:* Thursday, May 28, 2015 8:37 AM
> *To:* [email protected]
> *Subject:* Re: [NTSysADM] Cryptlocker
>
> The text files created should indicate the affected user with the Owner
> attribute, no?
>
> On Thu, May 28, 2015 at 11:30 AM, David McSpadden <[email protected]> wrote:
>
> I am pretty sure I have a PC with this on it in my network.
> I have run scans on workstations.
> I still do not see it but I have the telltale signs.
> The HELP_DECRYPT files in network folders.
> The Word and Excel files not being able to be opened etc.
> How do I remove something that Trend is not seeing?
> Nor Windows Endpoint protection?
>
> *David McSpadden*
> Systems Administrator
> Indiana Members Credit Union
> P: 317.554.8190 | F: 317.554.8106
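Added example, not part of the original thread and not the McAfee ESM rule described in it: the same correlation idea (flag any client that requests the ipinfo.io/ip indicator, alarm once per host, report who and when) run over web-proxy logs in Python. The log format, the sample lines and the 30-minute suppression window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

IOC_HOST, IOC_PATH = "ipinfo.io", "/ip"  # indicator named in the thread
SUPPRESS = timedelta(minutes=30)         # assumed: one alarm per client per window

# Constructed sample lines; assumed format: time client user method target status
SAMPLE_LOG = """\
2015-05-28T14:02:40 10.1.4.23 jdoe GET http://ipinfo.io/ip 200
2015-05-28T14:02:41 10.1.4.23 jdoe GET http://ipinfo.io/ip 200
2015-05-28T14:05:02 10.1.7.80 asmith GET http://ipinfo.io/AS15169 200
2015-05-28T14:09:55 10.1.9.12 bwong CONNECT ipinfo.io:443 200
2015-05-28T15:30:00 10.1.4.23 jdoe GET http://IPINFO.io/ip?x=1 200
2015-05-28T15:31:00 10.1.2.2 - GET http://notipinfo.io/ip 200
garbage line
"""

def classify(method, target):
    """Return 'exact', 'host-only' (HTTPS tunnel hides the path) or None."""
    if method == "CONNECT":
        return "host-only" if urlsplit("//" + target).hostname == IOC_HOST else None
    url = urlsplit(target)
    if url.hostname == IOC_HOST and url.path.rstrip("/") == IOC_PATH:
        return "exact"
    return None

def detect(log_text):
    """Return one alert per client per suppression window, counting repeat hits."""
    alerts, latest = [], {}
    for line in log_text.splitlines():
        try:
            ts, client, user, method, target, _status = line.split()
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
            match = classify(method, target)
        except ValueError:
            continue  # malformed line or unparsable URL
        if match is None:
            continue
        prev = latest.get(client)
        if prev and when - prev["first_seen"] < SUPPRESS:
            prev["hits"] += 1  # same incident: count it, do not re-alarm
            continue
        latest[client] = {"client": client, "user": user, "first_seen": when,
                          "match": match, "hits": 1}
        alerts.append(latest[client])
    return alerts

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a["first_seen"], a["client"], a["user"], a["match"], a["hits"])
```

A `host-only` hit means the proxy saw only the HTTPS tunnel to the host, so it is a weaker signal than an `exact` match on the full URL.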
