Got hit with Cryptolocker on Monday

In no particular order of importance, do ALL of them...

  • Make some real firewall rules - DON'T just leave the default allow-any-outbound rules - ONLY allow traffic outbound on ports that you actually use/need. Example for DCs: 53, 80, 123, 443, 3544. Example for end users: 80, 443, 1935, 3544.

  • CryptoPrevent or some other Group Policy based software run restrictions - don't let any executable run from a temp location.

  • An end user should never be a local admin. Admit it, you did this once upon a time only because you were tired/lazy and didn't take the time to set the permissions right on something.

  • Automatically remove all shares if/when the encryption starts to happen, see example here. This can also be set up to email you the moment it happens, the filename, and the user who did it.

  • Use an Internet filter to block all the ccTLDs and IDNs your company doesn't really need - also block the known bad/malware domains - better yet, also block advertisements (the source of much badware) - we use DNS Redirector, it's great and it doesn't cost a fortune.

  • Prevent access to any URL with an IP in it - only bad guys do links like http://93.184.216.34 - everything else should be a DNS name like http://example.com and therefore a DNS lookup (which is filtered) before getting out to the Internet.

  • User training: reinforce that users should not click on things that look phishy, are spelled wrong, or they were not expecting - even if the email looks like it's from someone they know. Provide a contest for the "crappiest email of the week/month": employees should forward them (or perhaps it's safer to print and submit them) and then IT picks the winner of a free [insert something more valuable than a bouncy-ball here]. You can also do the inverse/negative approach: the user who opens something infected must proudly display the dreaded [insert something more inappropriate than a bag of dog crap] at their desk for a whole week, and they are not allowed to decorate/hide it.

  • Implement spam/email message filtering: if your users can't get to a bad link, then they can't click on a bad link.

  • Do backups, and check that they are actually working. Make a "compliance game": if someone else (in your IT department) can delete a file (they should make their own backup first) and you can't restore it, then you owe them lunch. Shit gets solved real fast.

  • Try executable whitelisting, the idea being only software you know about can run, I think this is extreme and haven't resorted to doing it myself.

/r/sysadmin Thread
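One way to do the "remove all shares and email me" step from the list above, as an added example that is not the poster's script: a PowerShell script attached to a File Server Resource Manager (FSRM) file screen, so it runs the moment a ransomware-style file name is written to a share. The SMTP host, mailbox addresses, log path and the exclusion list are placeholders, and it assumes FSRM is configured to call the script with `-Owner "[Source Io Owner]" -FilePath "[Source File Path]"` so FSRM fills in the writing user and the offending file.

```powershell
# Added example (not the poster's script): executed by an FSRM file screen when
# a file matching the screen's ransomware pattern lands on a share.
# FSRM command arguments (assumed):  -Owner "[Source Io Owner]" -FilePath "[Source File Path]"
param(
    [Parameter(Mandatory = $true)][string]$Owner,     # DOMAIN\user that wrote the file
    [Parameter(Mandatory = $true)][string]$FilePath   # full path of the file that tripped the screen
)

$SmtpServer = 'smtp.example.internal'    # placeholder
$From       = 'fsrm@example.internal'    # placeholder
$To         = 'itops@example.internal'   # placeholder
$LogFile    = 'C:\ProgramData\FsrmResponse\share-lockdown.log'   # placeholder
# Shares that must survive: admin shares plus AD shares if this box is a DC.
$KeepShares = @('ADMIN$', 'C$', 'D$', 'IPC$', 'NETLOGON', 'SYSVOL')

$Stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force | Out-Null

# 1. Pull every non-administrative SMB share so the infected client can no
#    longer write to this server. Remove-SmbShare only drops the share, the
#    data on disk is untouched and the share can be re-created after cleanup.
$Removed = foreach ($Share in Get-SmbShare) {
    if ($KeepShares -notcontains $Share.Name) {
        Remove-SmbShare -Name $Share.Name -Force
        $Share.Name
    }
}

# 2. Record who did it, which file tripped the screen, and what was removed.
$Body = @"
$Stamp  Ransomware file screen triggered on $env:COMPUTERNAME
Writing user  : $Owner
File path     : $FilePath
Shares removed: $($Removed -join ', ')
Next steps: isolate that user's workstation, then restore shares after cleanup.
"@
Add-Content -Path $LogFile -Value $Body

# 3. Alert the team immediately with the user and file name in the subject.
Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
    -Subject "Ransomware activity on $env:COMPUTERNAME by $Owner" `
    -Body $Body
```

The script removes shares outright rather than deleting files or touching the user's account, so the only thing to undo after the incident is re-creating the shares; keep a `Get-SmbShare | Export-Clixml` snapshot from a known-good day to do that quickly.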