
CryptoWall 2.0

Hello,

Recently we have had a CryptoWall 2.0 infection hit one of our machines. We were fortunate enough for it to just encrypt the local content, and nothing on the servers.

We have been having a hell of a time trying to locate the file that this infection originated from, to try and prevent a repeat infection.

After spending some time looking for anything (ANYTHING) of interest, we have found nothing. It does appear that CryptoWall 2.0 removes itself once it's finished encrypting everything it can.

Does anyone have any experience or helpful tips with this?

Cheers :)



This thread was automatically locked due to age.
  • Hi, thanks for the response.

    While I understand it's difficult to 100% prevent a repeat infection, finding the file that caused the issue in the first place would go a long way towards at least knowing what we are dealing with, so we can take steps to protect our data.

    The main reason for posting was because we could not find any trace left behind besides some .txt and .html files it floods the profile with.

    Any executables related to the virus seem to be gone.

    As far as I can tell at this point it seems to remove itself as part of the encryption process.
