
CryptoWall 2.0

Hello,

Recently we have had a CryptoWall 2.0 infection hit one of our machines. We were fortunate enough for it to just encrypt the local content, and nothing on the servers.

We have been having a hell of a time trying to locate the file that this infection originated from, to try and prevent a repeat infection.

After spending some time looking for anything (ANYTHING) of interest, we have found nothing. It does appear that CryptoWall 2.0 removes itself once it's finished encrypting everything it can.

Does anyone have any experience or helpful tips with this?

Cheers :)



Hello Coretex,

"we could not find any trace left behind"

Yeah, it's tricky, as the malware uses drive-by. If you know the time it started, check the browser caches, the user's %TEMP% and other commonly writable locations for anything from around this time - usually the stuff is not more than a few hundred kB. That's all I can suggest - so far I've always found at least a little something.

Christian

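An added triage script (not from this thread or Christian's post) that does the sweep suggested above: it lists small files created or modified around a given time in %TEMP%, the common browser caches and other user-writable locations, flags any with a PE header regardless of extension, and records a SHA256 for later lookup. The paths, size limit and time window are assumptions; adjust them for the affected machine and run it as the affected user.

```powershell
# Added triage helper, not from the original thread. Assumptions: run as the
# affected user; $Start is when the encryption began; browser cache paths are
# the usual defaults and may differ by version. Needs PowerShell 4+ (Get-FileHash).
param(
    [Parameter(Mandatory)][datetime]$Start,   # e.g. '2014-11-20 09:15'
    [int]$WindowMinutes = 120,                # look this far before/after $Start
    [int]$MaxKB = 1024,                       # droppers are usually small
    [string]$ReportPath = "$env:USERPROFILE\Desktop\triage.csv"
)

$from = $Start.AddMinutes(-$WindowMinutes)
$to   = $Start.AddMinutes($WindowMinutes)

# Commonly writable and cache locations a drive-by download would land in.
$roots = @(
    $env:TEMP,
    "$env:LOCALAPPDATA\Microsoft\Windows\INetCache",
    "$env:LOCALAPPDATA\Microsoft\Windows\Temporary Internet Files",
    "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Cache",
    "$env:LOCALAPPDATA\Mozilla\Firefox\Profiles",
    $env:APPDATA,
    $env:LOCALAPPDATA,
    $env:PROGRAMDATA
) | Where-Object { Test-Path $_ }

$hits = foreach ($root in $roots) {
    Get-ChildItem -Path $root -File -Recurse -Force -ErrorAction SilentlyContinue |
      Where-Object {
        $_.Length -le ($MaxKB * 1KB) -and (
          ($_.CreationTime  -ge $from -and $_.CreationTime  -le $to) -or
          ($_.LastWriteTime -ge $from -and $_.LastWriteTime -le $to))
      } |
      ForEach-Object {
        # First two bytes: 'MZ' marks a Windows executable whatever the extension.
        $head = New-Object byte[] 2
        try { $fs = $_.OpenRead(); [void]$fs.Read($head, 0, 2); $fs.Close() } catch {}
        [pscustomobject]@{
            Path     = $_.FullName
            Created  = $_.CreationTime
            Modified = $_.LastWriteTime
            KB       = [math]::Round($_.Length / 1KB, 1)
            IsPE     = ($head[0] -eq 0x4D -and $head[1] -eq 0x5A)
            SHA256   = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        }
      }
}

$hits | Sort-Object Created | Export-Csv -Path $ReportPath -NoTypeInformation
$hits | Sort-Object Created | Format-Table Created, KB, IsPE, Path -AutoSize
```

Rows with IsPE set to True, or archives and scripts in a browser cache, are the first things to preserve (copy the file and the CSV off the box before any cleanup) and to check against your AV vendor's detections.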