Educause Security Discussion mailing list archives
Re: Teslacrypt
From: Velislav K Pavlov <VelislavPavlov () FERRIS EDU>
Date: Wed, 22 Apr 2015 17:36:05 +0000
By all means, prevention is the key. For prevention, there isn't a panacea. It's all about a layered approach of a variety of preventative, detective, directive, corrective, recovery, and compensating controls at both the network and host level to help you defend externally and internally.

Clean-up can be ugly, and we may never be sure we removed all malware tentacles. Once infected, rebuilding from a known good and clean source is the safest path. Backup can be helpful if you have validated that it's without variations of the malware.

Focus on incident response strategy: prevention, detection, containment, recovery, etc., before you need it. Focus on the attack vectors and how this malware is delivered. Exploits target vulnerabilities in the OS, apps, and plugins. Malware can be delivered via email attachment, drive-by download, etc. Figure out if you are protecting servers, clients, or both. Figure out where the asset sits on the network and what protective controls you may have. Figure out who you are protecting from: the outsider or the insider. Take a look at the SANS Top 20 (#5 more specifically): https://www.sans.org/critical-security-controls/. Don't focus on just Teslacrypt; focus on malware and, better yet, types of threats.

Hope that helps.

Vel Pavlov | Sr. IT Security Analyst
M.Sc., CISSP, C|EH, C)PTE, Security+, ITIL, A+

Notice: This email message and any attachments are for the confidential use of the intended recipient. If that isn't you, please do not read the message or attachments, or distribute or act in reliance on them. If you have received this message by mistake, please immediately notify us and delete this message and any attachments. Thank you.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gayford, Matthew C.
Sent: Wednesday, April 22, 2015 10:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Teslacrypt

We have had a few reports recently of computers on campus becoming infected with TeslaCrypt (https://isc.sans.edu/forums/diary/Exploit+kits+still+pushing+Teslacrypt+ransomware/19581/). Has anyone else seen this infection as of late? Apparently it aggressively targets saved games and configuration files on the infected machine. I am wondering if there are any preventative measures that could counter this threat. We have been promoting regular backups and safe browsing habits.

Thanks,
-Matt

Matthew C. Gayford, M.S., EnCE
IT Security Specialist, Infrastructure
Current thread:
- Teslacrypt Gayford, Matthew C. (Apr 22)
- Re: Teslacrypt Velislav K Pavlov (Apr 22)