Probably not pants. On Wed, Jun 3, 2015 at 12:26 PM, James Rankin <[email protected]> wrote:
> Let me get you an answer on that…maybe something I should have tested > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Heaton, Joseph@Wildlife > *Sent:* 03 June 2015 17:22 > *To:* '[email protected]' > *Subject:* RE: [NTSysADM] Cryptlocker > > > > So, it looks like FSLogix only works with IE? Is that true? > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *James Rankin > *Sent:* Tuesday, June 02, 2015 11:16 AM > *To:* [email protected] > *Subject:* RE: [NTSysADM] Cryptlocker > > > > OK, quick and dirty run-down, but I’m sure you can all get the gist of it > (hopefully!) > > > > > http://appsensebigot.blogspot.co.uk/2015/06/fslogix-first-look-1-managing-legacy-or.html > > > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Kurt Buff > *Sent:* 02 June 2015 17:38 > *To:* ntsysadm > *Subject:* Re: [NTSysADM] Cryptlocker > > > > Yes, please put up the link here when done. > > Kurt > > > > On Tue, Jun 2, 2015 at 8:43 AM, James Rankin <[email protected]> > wrote: > > I shall endeavour to finish this as soon as possible then! > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Maglinger, Paul > *Sent:* 02 June 2015 16:12 > *To:* '[email protected]' > *Subject:* RE: [NTSysADM] Cryptlocker > > > > Me too! > > > > -Paul > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Sean Martin > *Sent:* Tuesday, June 02, 2015 10:07 AM > > > *To:* [email protected] > *Subject:* Re: [NTSysADM] Cryptlocker > > > > Definitely interested. > > - Sean > > > On Jun 2, 2015, at 6:08 AM, James Rankin <[email protected]> > wrote: > > What you need is FSLogix Java Rules Manager, only allow the vulnerable > Java version to be seen when a specific URL is visited, otherwise – it’s > invisible to the user and OS, and the latest version is used. > > > > I’m writing an article up on this today, if anyone’s interested in Java > version management (on a sysadmin list, who isn’t?) > > > > J > > > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Heaton, Joseph@Wildlife > *Sent:* 02 June 2015 14:51 > *To:* '[email protected]' > *Subject:* RE: [NTSysADM] Cryptlocker > > > > Update Java? That’s just crazy talk. We’re still at 7u51, with no > roadmap in place to go any higher. Not my choice, btw, it is development > issues with Oracle. > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Ed Ziots > *Sent:* Saturday, May 30, 2015 10:48 AM > *To:* [email protected] > *Subject:* RE: [NTSysADM] Cryptlocker > > > > Nice.strategy > > Ed > > On May 29, 2015 9:31 AM, "Robert Strong" <[email protected]> wrote: > > Ensure you have the latest patches installed for Java and Flash. Exploit > kits like Angler, Nuclear and Magnitude are starting to distribute > Ransomware more frequently via drive-by download attacks and malicious > advertisements on common websites. > > > > We’ve had several ransomware incidents in the last few months all due to > unpatched systems. Host based detection is limited at best, but one thing I > have noticed in all incidents seen is that the malware typically uses > hxxp://ipinfo.io/ip to determine its public facing IP address. > > > > We have created correlation rules that detect users going to this domain > via our McAfee ESM SIEM, we then have an alarm that fires when that > correlation rule is seen and we can automatically apply an ePO tag to > enforce a policy that severely ‘disables’ the system (no R/W to network > shares, restricted HTTP/HTTPS going out). Our alarm also e-mails out some > key characteristics about the infected machine for easy identification by > our IT Service Desk team. > > > > Ransomware isn’t going away and it’s going to get worse. We’ve been able > to detect these IoC’s and have the issue remediated in under 7 minutes. > > > > Cheers, > > > > *Rob Strong* > > *Information Security Specialist* > > Equitable Life of Canada > > > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *David McSpadden > *Sent:* Thursday, May 28, 2015 7:17 PM > *To:* <[email protected]> > *Subject:* Re: [NTSysADM] Cryptlocker > > > > That's mine today. > > What variant was yours > > Sent from my iPhone > > > On May 28, 2015, at 7:14 PM, Heaton, Joseph@Wildlife < > [email protected]> wrote: > > We had that the other day. The files are getting encrypted, but the > extensions are not getting changed. > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Jonathan Link > *Sent:* Thursday, May 28, 2015 8:37 AM > *To:* [email protected] > *Subject:* Re: [NTSysADM] Cryptlocker > > > > The text files created should indicate the affected user with the Owner > attribute, no? > > > > > > On Thu, May 28, 2015 at 11:30 AM, David McSpadden <[email protected]> wrote: > > I am pretty sure I have pc with this on it in my network. > > I have ran scans on workstations. > > I still do not see it but I have the tell tale signs. > > The HELP_DECRYPT files in network folders. > > The word and excel files not being able to be opened etc. > > How do I remove something that Trend is not seeing? > > Nor Windows Endpoint protection? > > > > > > *David McSpadden* > > Systems Administrator > > Indiana Members Credit Union > > P: 317.554.8190 | F: 317.554.8106 > > [image: Description: imcu email icon] <http://imcu.com/> <image002.jpg> > <https://www.facebook.com/IndianaMembersCU> [image: Description: twitter > email icon] <https://twitter.com/IndMembersCU> > > > > <image003.jpg> > > <image004.png> > > > > This e-mail and any files transmitted with it are property of Indiana > Members Credit Union, are confidential, and are intended solely for the use > of the individual or entity to whom this e-mail is addressed. If you are > not one of the named recipient(s) or otherwise have reason to believe that > you have received this message in error, please notify the sender and > delete this message immediately from your computer. Any other use, > retention, dissemination, forwarding, printing, or copying of this email is > strictly prohibited. > > > > Please consider the environment before printing this email. > > > > IMPORTANT NOTICE: Without the use of secure encryption, the Internet is > not a secure medium and privacy cannot be ensured. Internet e-mail is > vulnerable to interception, misuse and forging. Equitable cannot ensure the > privacy and authenticity of any information sent by way of the public > Internet. Equitable will not be responsible for any damages you may incur > if you communicate confidential and personal information to us over the > Internet or if we communicate such information to you at your request. This > e-mail and any attachments are confidential, may be covered by legal > professional privilege or exempt from disclosure under applicable law, and > are intended for the addressee only. If you are not the intended recipient, > you are not authorized to and must not disclose, copy, distribute or retain > any or part of this e-mail and any attachments without written permission > of The Equitable Life Insurance Company of Canada. > > >
