Educause Security Discussion mailing list archives

Re: Ransomware


From: Chris Green <CGreen () UTTYLER EDU>
Date: Thu, 23 Oct 2014 18:28:35 +0000

I was curious as to whether anyone has taken the approach of enforcing Click to Play through group policy on all web browsers,
and if so, has that seemed to help at all?

http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/

Thanks,

-C.


Chris Green
Director of Information Security
University of Texas at Tyler
cgreen () uttyler edu



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Hale
Sent: Thursday, October 23, 2014 1:23 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Ransomware

We have had mixed results recently with the %APPDATA% block for EXEs.  I'm looking into a handful of occurrences on
machines we have verified had the GPO in place.  We haven't seen any major downsides to the block.  It does affect
Dropbox and Firefox updates, but those can either be added as an exception or installed in a different way.

All in all the %APPDATA% (and other edits) have been very effective though,
-Dave

On Thu, Oct 23, 2014 at 12:47 PM, Ashfield, Matt (NBCC) <Matt.Ashfield () nbcc ca> wrote:
Revisiting this thread from a year back... Has anyone seen any downside of the restriction of preventing EXEs from
running from %APPDATA%?

Thanks

Matt

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin Moll
Sent: Thursday, November 14, 2013 4:34 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Ransomware

We had a few users recently get infected with Cryptolocker.  We sent out a college-wide email from our help desk 
reminding users not to open unknown attachments, be cautious of following links, etc.

We also implemented a GPO to prevent EXEs from running from %APPDATA%.  We haven't had any reported infections since
taking these two measures.

-Kevin

Kevin Moll
Manager, Network/Server Systems
Valencia College
1800 S. Kirkman Rd.
Orlando, FL 32827
________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Shahra Meshkaty [meshkaty () SANDIEGO EDU]
Sent: Thursday, November 14, 2013 2:29 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Ransomware

Is anyone taking any particular steps to inform and communicate the risks or prevalence of Ransomware to your campus?
Did you use this opportunity to caution them to be diligent in general, or have you provided them with specifics?  Thanks
Shahra




--
David Hale, GCIH, GXPN, GAWN, GCIA, GCFA  <ddh () mtu edu>
Chief Information Security Officer
Michigan Technological University
Ph: 906.487.1727
