Thank you for the response.
How could I find that file extensions got changed accidentally, because three systems are infected by ransomware, as I found the ransomware text and snapshot files?
I uploaded the encrypted file, but as it is encrypted, that is why the virus was not found. This is what I am thinking.
Further, how can I find the virus? I ran a full scan in both Windows normal mode and safe mode, but SCEP is unable to find any virus.
This is the worst condition for any administrator :(
One more thing: SCEP found and removed the ransomware on three systems, but all file extensions have been changed and the files encrypted.
My question is, when SCEP detects and removes the ransomware, why have the files been encrypted or affected?
For protection, we applied AppLocker and Software Restriction Policies, but I am not satisfied with these solutions and think they are temporary solutions instead of a permanent solution.
As per my R&D, ransomware attacks or hits either via email attachments or web URLs. For email/attachment filtering we are using Cisco IronPort, and Websense Cloud for web filtering.
There are a lot of ransomware variants attacking, and they are increasing day by day, so what protection level must we have to protect our environment from the attacks?
Please share the best practices and suggestions.
One more question: SCEP detects the viruses with no action; what does that mean? Please find below examples of SCEP alerts.
Malware Name: Joke:Win32/RussianJep
Number of infections: 2
Last detection time(UTC time): 2/13/2015 2:14:35 PM
These are the infections of this malware:
1. Computer name: ACB
Domain: XYZ
Detection time(UTC time): 2/13/2015 2:14:35 PM Malware file path: file:_E:\Mails\outlook_2.pst->Message.8640: "acv" [1999/02/16 03:58:59]: Attachment.11561: "GAME.EXE"
Remediation action: NoAction
Action status: Succeeded
Malware Name: Trojan:Win32/Dynamer!dtc
Number of infections: 2
Last detection time(UTC time): 2/13/2015 2:14:35 PM
These are the infections of this malware:
1. Computer name: ACB
Domain: XYZ
Detection time(UTC time): 2/13/2015 2:14:35 PM Malware file path: file:_E:\Mails\outlook_2.pst->Message.4911: "[FW: Hot Topic!]" [1999/09/07 08:48:39]: Attachment.6340: "hr-questionairre.exe";file:_E:\Mails\outlook_2.pst->Message.5087: "[Hot Topic!]" [1999/08/27 04:06:13]: Attachment.6567: "hr-questionairre.exe"
Remediation action: NoAction
Action status: Succeeded
It is also observed that SCEP does not have permission to clean the virus from PST files. It is difficult to coordinate with each infected user to delete the email(s) from their PST. What is the best practice and suggestion?
Thanks
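An added example (not code from the original post or from SCEP) for the first question above, how to find which files on a share were renamed or encrypted in place. The PowerShell script below does three things a responder usually does by hand: a census of extensions written in the last N hours, a header check that flags files whose extension says "Office/PDF/image" but whose leading bytes no longer match (the typical look of an in-place encrypted file), and a search for the same small text/HTML file dropped into many folders (a ransom note). The root path `E:\Shares`, the 48-hour window, the CSV report path and the small signature table are assumptions for illustration; extend the table and adjust the window for your environment.

```powershell
# Added example, not from the original post: triage a share or volume after a
# ransomware run. Assumptions (labelled): root path, look-back window, report
# path and the signature table are illustrative, not from the thread.
param(
    [string]$Root   = 'E:\Shares',                       # assumption: share/volume to scan
    [int]   $Hours  = 48,                                # assumption: only recent writes
    [string]$Report = "$env:TEMP\ransomware-triage.csv"  # assumption: where to write findings
)

# Leading bytes of common formats (well-known signatures; assumption: not exhaustive).
$Signatures = @{
    '.docx' = @(0x50,0x4B,0x03,0x04); '.xlsx' = @(0x50,0x4B,0x03,0x04)   # OOXML = zip "PK\x03\x04"
    '.pptx' = @(0x50,0x4B,0x03,0x04); '.zip'  = @(0x50,0x4B,0x03,0x04)
    '.doc'  = @(0xD0,0xCF,0x11,0xE0); '.xls'  = @(0xD0,0xCF,0x11,0xE0)   # OLE2 compound file
    '.ppt'  = @(0xD0,0xCF,0x11,0xE0)
    '.pdf'  = @(0x25,0x50,0x44,0x46)                                     # "%PDF"
    '.jpg'  = @(0xFF,0xD8,0xFF)
    '.png'  = @(0x89,0x50,0x4E,0x47)
}

function Test-Header {
    # $true  = leading bytes match the expected signature
    # $false = file has a known extension but the wrong bytes (likely encrypted in place)
    # $null  = file too small or unreadable (locked, access denied); not counted either way
    param([System.IO.FileInfo]$File, [byte[]]$Expected)
    $fs = $null; $n = 0
    try {
        $fs  = [System.IO.File]::OpenRead($File.FullName)
        $buf = New-Object byte[] $Expected.Length
        $n   = $fs.Read($buf, 0, $buf.Length)
    } catch { return $null } finally { if ($fs) { $fs.Dispose() } }
    if ($n -lt $Expected.Length) { return $null }
    for ($i = 0; $i -lt $Expected.Length; $i++) {
        if ($buf[$i] -ne $Expected[$i]) { return $false }
    }
    return $true
}

$since  = (Get-Date).AddHours(-$Hours)
$recent = Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
          Where-Object { $_.LastWriteTime -ge $since }

# 1. Extension census: a burst of one unfamiliar extension is the usual first sign.
"== Extensions written in the last $Hours h under $Root =="
$recent | Group-Object Extension | Sort-Object Count -Descending |
    Select-Object -First 15 Count, Name | Format-Table -AutoSize

# 2. Header check: known extension, wrong leading bytes. Only $false counts; $null is skipped.
$suspect = @(foreach ($f in $recent) {
    $ext = $f.Extension.ToLower()
    if ($Signatures.ContainsKey($ext) -and ((Test-Header $f $Signatures[$ext]) -eq $false)) {
        [pscustomobject]@{ Path = $f.FullName; Written = $f.LastWriteTime; Bytes = $f.Length }
    }
})

# 3. Ransom notes: the same small text/HTML file name dropped into five or more folders.
$notes = $recent |
    Where-Object { ($_.Extension -in '.txt','.html','.hta') -and ($_.Length -lt 20KB) } |
    Group-Object Name | Where-Object { $_.Count -ge 5 } | Sort-Object Count -Descending

"== Files whose header no longer matches their extension: $($suspect.Count) =="
if ($suspect.Count -gt 0) {
    $suspect | Export-Csv -Path $Report -NoTypeInformation
    "Written to $Report"
}
"== Candidate ransom notes (same file name in 5+ folders) =="
$notes | Select-Object Count, Name | Format-Table -AutoSize
```

Run it from an account that can read the share but write nothing back to it (the script only opens files for reading), and run it against a snapshot or backup copy first if one exists: the modification times and the header mismatch list tell you when the encryption started and which files are actually damaged, which is the input you need before deciding what to restore. A header match only means the first bytes are intact, so a file that passes is "not obviously encrypted", not "verified clean".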