I had one of my clients get hit with Cryptolocker two days ago. (They downloaded the payload from a suspect Australia Post email.) This client had Webroot installed on all PCs and the SBS server.
Unfortunately Webroot didn't detect/stop it and all the files accessible to that PC got encrypted.
This included files on network shares.
Just wanted to remind Webroot users that although Webroot may be pushing hard with its advertising that it is the only anti-virus that can stop Cryptolocker (and reverse out the encrypted file changes - decrypt) - THIS IS NOT the case for network files encrypted by an infected PC (it is only local files to the PC!!) - and this is the most likely infection scenario.
Second thing to mention (and this should go without saying) - make sure you have good reliable backups. Luckily my client got the Cryptolocker infection first thing Monday morning and we could restore all their network files from Sunday night's backup with minimal data loss. They did lose some files they had saved on their desktop (but that was minor).
One last point to note - Dropbox does its job pretty well when it comes to syncing encrypted files to all your shared Dropbox folders and can be a chore to clean up, as the files get cached and have to be replaced in a particular order, otherwise they keep coming back 🙂
Cryptolocker - Not detected by Webroot and unable to rollback encrypted network files