2
CryptoWall
Question asked by Mike Roe - 9/18/2015 at 7:20 AM
Unanswered
I have now been hit 2 times with the CryptoWall 3 virus. I have paid for Cyren antivirus in my subscription. I have ClamAV running. I have virus software on every computer in the company, updated every hour if new definitions are released. I don't know what else to do with this virus over the email. Is there a way for me to stop this from going through the mail server?
 
I am running SmarterMail version 13.3.5535 on a 2008 R2 server.
 
Mike
 

4 Replies

1
Joe Burkhead Replied
The ONLY way to stop CryptoWall is through user education. I work hard to keep our users informed about current threats, and how to identify things that should not be clicked on.
We have been hit once, and that was not through email. User was on a website, clicked on a picture of an item she was interested in. The site had been hacked, and CW installed silently when she clicked the picture. We had minimal damage, but it was scary.
Since then, I have converted our systems to not use mapped drives to access network resources. Instead we use UNC paths, which CW cannot follow. By default, our users' documents automatically save to the network (again, UNC path), so if a machine gets infected we only have that machine to worry about.
 
But the only real protection is an educated workforce. If they click it, it's going to run...no AV or AS program is going to stop that.
0
Paul Blank Replied
It would not be surprising if, at some point, some variant or copycat of CryptoWall is taught to follow UNC paths. [[ sigh ]]
0
Joe Burkhead Replied
Well...that would be quite an accomplishment, since every company uses different server names, share names, etc. The malware would have to figure out these widely varying names in order to follow UNC. And, since 99.999% of businesses and private users do NOT use UNC paths (most don't even know how), why would the malware writers go after such a tiny group when the pickings are much easier using drive letters? Just my opinion, I guess.
0
Paul Blank Replied
Joe, you may be correct. It may be a long shot indeed, but you never know.
