2
CryptoWall
Question asked by Mike Roe - September 18, 2015 at 7:20 AM
Unanswered
I have now been hit 2 times with the cryptowall 3 virus.  I have paid for cyren antivirus in my subscription.  I have clamav running.   I have virus software on every computer in company updated every hour if new definitions are released.  I don't know what else to do with this virus over the email. Is there a way for me to stop this from going through the mail server?
 
 I am running Smartermail version  13.3.5535 on a 2008r2 server.  
 
Mike
 

1 Reply

Reply to Thread
1
Joe Burkhead Replied
September 18, 2015 at 9:04 AM
The ONLY way to stop CryptoWall is through user education. I work hard to keep our users informed about current threats, and how to identify things that should not be clicked on.
We have been hit once, and that was not through email. User was on a website, clicked on a picture of an item she was interested in. The site had been hacked, and CW installed silently when she clicked the picture. We had minimal damage, but it was scary.
Since then, I have converted our systems to not use mapped drives to access network resources. Instead we use UNC paths, which CW cannot follow. By default, our user's documents automatically save to the network (again, UNC path), so if a machine gets infected we only have that machine to worry about.
 
But the only real protection is an educated workforce. If they click it, it's going to run...no AV or AS program is going to stop that.

Reply to Thread