Educause Security Discussion mailing list archives
Re: Ransomware
From: "Cook, Dale" <dale.cook () TAMU EDU>
Date: Thu, 23 Oct 2014 18:41:37 +0000
Likewise, we successfully deployed the %APPDATA% execution restrictions via GPO. Exceptions have to be made or the policy disabled before apps/updates are installed, but we are satisfied with the results. Dale Cook, CISSP | Senior IT Manager Division of Finance and Administration IT Services | Texas A&M University 1182 TAMU | College Station, TX 77843-1182 ph: 979.845.8276 | fax: 979.458.4390 | <mailto:dale.cook () tamu edu> dale.cook () tamu edu <http://financeits.tamu.edu/> financeits.tamu.edu _______________________________________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Hale Sent: Thursday, October 23, 2014 1:23 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Ransomware We have had mixed results recently with the %APPDATA% block for EXE's. I'm looking in to a handful of occurrences on machines we have verified had the GPO in place. We haven't seen any major downsides to the block. It does affect dropbox and firefox updates, but those can either be added as an exception or installed in a different way. All in all the %APPDATA% (and other edits) have been very effective though, -Dave On Thu, Oct 23, 2014 at 12:47 PM, Ashfield, Matt (NBCC) <Matt.Ashfield () nbcc ca <mailto:Matt.Ashfield () nbcc ca> > wrote: Revisiting this thread from a year back..Has anyone seen any downside of the restriction of preventing EXE's from running from %APPDATA% ? Thanks Matt From: The EDUCAUSE Security Constituent Group Listserv [mailto: <mailto:SECURITY () LISTSERV EDUCAUSE EDU> SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin Moll Sent: Thursday, November 14, 2013 4:34 AM To: <mailto:SECURITY () LISTSERV EDUCAUSE EDU> SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Ransomware We had a few users recently get infected with Cryptolocker. We sent out a college-wide email from our help desk reminding users not to open unknown attachments, be cautious of following links, etc. We also implemented a GPO to prevent EXE's from running from %APPDATA%. We haven't had any reported infections since taking these two measures. -Kevin Kevin Moll Manager, Network/Server Systems Valencia College 1800 S. Kirkman Rd. Orlando, FL 32827 _____ From: The EDUCAUSE Security Constituent Group Listserv [ <mailto:SECURITY () LISTSERV EDUCAUSE EDU> SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Shahra Meshkaty [ <mailto:meshkaty () SANDIEGO EDU> meshkaty () SANDIEGO EDU] Sent: Thursday, November 14, 2013 2:29 AM To: <mailto:SECURITY () LISTSERV EDUCAUSE EDU> SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Ransomware Is anyone taking any particular steps to inform and communicate the risks or prevalence of Ransomware to your campus? Did you use this opportunity to caution them to be deligent in general or have provided them with specifics? Thanks Shahra -- David Hale, GCIH, GXPN, GAWN, GCIA, GCFA <ddh () mtu edu <mailto:ddh () mtu edu>
Chief Information Security Officer Michigan Technological University Ph: 906.487.1727
Attachment:
smime.p7s
Description:
Current thread:
- Re: Ransomware Ashfield, Matt (NBCC) (Oct 23)
- Re: Ransomware David Hale (Oct 23)
- Re: Ransomware Chris Green (Oct 23)
- Re: Ransomware Cook, Dale (Oct 23)
- Re: Ransomware Flynn, Gary - flynngn (Oct 24)
- Re: Ransomware David Hale (Oct 23)