Zepto Virus

[Ice2Cool]

Hey guys

So one of my employees received the zepto virus via email and she opened the email and it has encrypted all the files on our share drive. Fortunately I do daily backups so I only lost half a day of work. This is now the 2nd time this has happened and despite all my warnings to staff not to open unsolicited mails - eventually someone opens one. How do I block these emails? I have mail marshal and its not able to block them. Any other ideas on what to do?

Thanks

 

[BradleyKZN]

Did you find out what the extension was that she opened? Cant you block that extension type?

Otherwise you can look for keywords that would indicate malicious mails

 

[kianm]

Mimecast. Or move to Office365 and let MS take care of security

 

[HavocXphere]

2nd time this has happened and despite all my warnings to staff not to open unsolicited mails - eventually someone opens one. How do I block these emails?

You fire the idiots.

 

[Rickster]

Was share drive set to read only or full control?

 

[HavocXphere]

Was share drive set to read only or full control?

uhmm.....what do you think

 

[mjwitter]

We've set Google Apps to quarantine all zip attachments coming in, get quite a few attempts each day.

 

[-Tachyon]

Happened to one of our clients today. Still putting out the fire.

 

[CamiKaze]

Mimecast. Or move to Office365 and let MS take care of security

+1

 

[morkhans]

Did you find out what the extension was that she opened? Cant you block that extension type?

Otherwise you can look for keywords that would indicate malicious mails

docm inside a zip

https://nakedsecurity.sophos.com/2016/07/05/is-zepto-ransomware-the-new-locky/

 

[ubercal]

Got hit by this virus recently - you have to block .docm files from coming through

 

[Sinbad]

Mimecast. Or move to Office365 and let MS take care of security

Really?
Sounds like abrogation of responsibility to me...
Especially the idea of MS taking care of security...

 

[antowan]

This virus is a farkup of note! Did any of you manage to find a way of decrypting the files? Seems pretty damn airtight....

I am sitting here with a client machine and hoping there can be some trace of the deleted files (yes they deleted the originals after the encryption. So there is some hope.... I'll know in an hour...

 

[Venomous]

find a ghost file finding proggie.


the info is still there, or at least most of it.

recover ghost files, where possible. sometimes there are casualties.
dump all info on drive via reload, not keeping data.
then add recovered files again.