Educause Security Discussion mailing list archives
Re: Ransomware
From: "Flynn, Gary - flynngn" <flynngn () JMU EDU>
Date: Fri, 24 Oct 2014 11:48:53 +0000
Speaking strictly for only myself as a test case, I haven't had any problems on my work or home computers in well over a year, maybe two. I handled the google/Mozilla/dropbox/juniper/bomgar etc. updates by exempting code signed by those organizations from the AppLocker policy.

Gary Flynn
Security Engineer
James Madison University
Don't Be A PHISH! IsItReal? http://www.jmu.edu/computing/ittraining/SIGUCCS/story.html

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Hale
Sent: Thursday, October 23, 2014 2:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Ransomware

We have had mixed results recently with the %APPDATA% block for EXE's. I'm looking into a handful of occurrences on machines we have verified had the GPO in place. We haven't seen any major downsides to the block. It does affect dropbox and firefox updates, but those can either be added as an exception or installed in a different way. All in all the %APPDATA% (and other edits) have been very effective though,

-Dave

On Thu, Oct 23, 2014 at 12:47 PM, Ashfield, Matt (NBCC) <Matt.Ashfield () nbcc ca> wrote:

Revisiting this thread from a year back. Has anyone seen any downside of the restriction of preventing EXE's from running from %APPDATA%?

Thanks
Matt

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin Moll
Sent: Thursday, November 14, 2013 4:34 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Ransomware

We had a few users recently get infected with Cryptolocker. We sent out a college-wide email from our help desk reminding users not to open unknown attachments, be cautious of following links, etc. We also implemented a GPO to prevent EXE's from running from %APPDATA%. We haven't had any reported infections since taking these two measures.

-Kevin

Kevin Moll
Manager, Network/Server Systems
Valencia College
1800 S. Kirkman Rd.
Orlando, FL 32827
_____

From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Shahra Meshkaty [meshkaty () SANDIEGO EDU]
Sent: Thursday, November 14, 2013 2:29 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Ransomware

Is anyone taking any particular steps to inform and communicate the risks or prevalence of Ransomware to your campus? Did you use this opportunity to caution them to be diligent in general, or have you provided them with specifics?

Thanks
Shahra

--
David Hale, GCIH, GXPN, GAWN, GCIA, GCFA <ddh () mtu edu>
Chief Information Security Officer
Michigan Technological University
Ph: 906.487.1727
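
An added example, not part of any message in this thread: a simplified Python model of how an AppLocker deny path rule for EXEs under %APPDATA%, with a signed-publisher exception of the kind described above, evaluates a file. The policy XML, rule name, publisher string and file paths are constructed; only %OSDRIVE% expansion, path conditions and the publisher name are modelled.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed policy: deny EXEs under the roaming profile (%APPDATA%),
# except files signed by one placeholder publisher.
POLICY_XML = r"""
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="00000000-0000-0000-0000-000000000001" Name="Deny EXE in AppData"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%OSDRIVE%\Users\*\AppData\Roaming\*" />
      </Conditions>
      <Exceptions>
        <FilePublisherCondition PublisherName="O=EXAMPLE VENDOR, C=US"
                                ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Exceptions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"""

def condition_matches(cond, path, publisher, osdrive="C:"):
    if cond.tag == "FilePathCondition":
        # Simplification: only %OSDRIVE% is expanded; compare case-insensitively.
        pattern = cond.get("Path").replace("%OSDRIVE%", osdrive).lower()
        return fnmatch.fnmatchcase(path.lower(), pattern)
    if cond.tag == "FilePublisherCondition":
        # Unsigned files (publisher=None) never satisfy a publisher condition.
        return publisher is not None and cond.get("PublisherName") in ("*", publisher)
    return False  # hash conditions are not modelled

def denied_by(policy_xml, path, publisher=None):
    """Names of Exe deny rules that apply to a file path and signer subject."""
    hits = []
    for rule in ET.fromstring(policy_xml).findall("RuleCollection[@Type='Exe']/*"):
        if rule.get("Action") != "Deny":
            continue
        matched = any(condition_matches(c, path, publisher) for c in rule.findall("Conditions/*"))
        excepted = any(condition_matches(e, path, publisher) for e in rule.findall("Exceptions/*"))
        if matched and not excepted:
            hits.append(rule.get("Name"))
    return hits
```

A path under `AppData\Local` returns no match here because %APPDATA% resolves to the Roaming folder only, so a rule written this way leaves other user-writable folders uncovered.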