We just got hit by CryptoWall via an email with a link to cubby.com that led to an exploit. I have been on planes all day (still am), so I have not been able to investigate much yet.
We do much to prevent crypto-variants, or so I thought:
- Users are non-admins on local PCs
- We block execution out of all temp directories (not going to list them all at this point)
- We use Red Condor for spam/virus filtering at edge before it hits Exchange server
- We use ESET Antivirus for Exchange on server
- We use ESET endpoint antivirus for all endpoints
- We use a scripted Ninite to be sure we update attack vectors like Flash/Java/etc. weekly
From the little I've read, this new variant has been using a drive-by Java exploit, but so far during an audit I have confirmed all Java is up to date (however, we do have 1.6 installs, up to date, out there).
Anyone aware of any...