Tag: ransomware

May 12, 2016

Use GPO to change the default behavior of potentially malicious file extensions.

If you’re like me and don’t have direct control of your own email filtering, or want to go a step beyond, you’re going to want a way to prevent non-PE viruses from running. Software Restriction Policies are good for this if you’re using them in a whitelist capacity, provided that you’ve also added the extension to the Designated File Types. From a blacklist standpoint it’s […]

April 7, 2016

DangItBobby.ps1 – Remotely disable a NIC given only a username.

So I have a code offering today, which I’m calling DangItBobby.ps1. It lets you remotely disable the NIC of a computer given only the username that is logged in. In essence, when in the middle of a ransomware infection, and you see that the owner of all the files is changing to Bobby, you run the script and provide credentials of a local admin account. […]

March 18, 2016

Ransomware is the future.

When I first started fighting ransomware in late 2013, I had a premonition that this was something serious. While CryptoLocker was rather easily defeated in the enterprise and ultimately killed by killing the botnet, media outlets and tech sites ran with the story. It showed this small group making millions and millions of dollars. Guess what? More people started writing ransomware. Cut to now. Ransomware-as-a-service is […]