Educause Security Discussion mailing list archives

Re: Teslacrypt


From: Velislav K Pavlov <VelislavPavlov () FERRIS EDU>
Date: Wed, 22 Apr 2015 17:36:05 +0000

By all means prevention is the key. For prevention, there isn't a panacea. It's all about a layered approach of a 
variety of preventative, detective, directive, corrective, recovery, and compensating controls at both the network and 
host level to help you defend externally and internally. Clean up can be ugly and we may never be assured that we removed 
all malware tentacles. Once infected, rebuilding from a known good and clean source is the safest path. Backups can be 
helpful if you validated that they're without variations of the malware. Focus on incident response strategy: prevention, 
detection, containment, recovery, etc. before you need it.

Focus on the attack vectors and how this malware is delivered. Exploits target vulnerabilities in the OS, apps, and plugins. 
Malware can be delivered via email attachment, drive-by download, etc. Figure out if you are protecting servers, 
clients, or both. Figure out where the asset sits on the network and what protective controls you may have. Figure out 
who you are protecting from: the outsider or the insider. Take a look at the SANS Top 20 (#5 more specifically) 
https://www.sans.org/critical-security-controls/. Don't focus on just Teslacrypt; focus on malware and, better yet, types 
of threats. Hope that helps.

Vel Pavlov | Sr. IT Security Analyst
M.Sc., CISSP, C|EH, C)PTE, Security+, ITIL, A+


Notice: This email message and any attachments are for the confidential use of the intended recipient. If that isn't 
you, please do not read the message or attachments, or distribute or act in reliance on them. If you have received this 
message by mistake, please immediately notify us and delete this message and any attachments. Thank you.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gayford, Matthew C.
Sent: Wednesday, April 22, 2015 10:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Teslacrypt

We have had a few reports recently of computers on campus becoming infected with TeslaCrypt 
(https://isc.sans.edu/forums/diary/Exploit+kits+still+pushing+Teslacrypt+ransomware/19581/). Has anyone else seen this 
infection as of late? Apparently it aggressively targets saved games and configuration files on the infected machine. I 
am wondering if there are any preventative measures that could counter this threat. We have been promoting regular 
backups and safe browsing habits.

Thanks,
-Matt

Matthew C. Gayford, M.S., EnCE
IT Security Specialist, Infrastructure
