ICE Cyber Crime ransomware assistance

Yesterday a user running up-to-date Sophos Endpoint Security was infected with Ice Cyber Crime ransomware. The system could not even be booted into safe mode, and once it appeared to be removed and Sophos again showed an up-to-date status, the ransomware returned.

Has anyone seen issues with this? The traditional suggestions for removal (aside from paying the "ransom") have not been working.


This thread was automatically locked due to age.
  • Was "multitasking" and missed this part:

    If the machine is running, has malware on it, but can still be managed, assign it a policy with all detection mechanisms enabled (if they aren't anyway) - HIPS, suspicious files and so on. Run a scan (for everything and all files). As you likely want to obtain a sample, do not use automatic cleanup and do not request deletion (for a scheduled scan, uncheck run at lower priority).

    Good suggestion for future reference.

    Thanks.
