- Oct 17, 1999
- 8,883
- 107
- 106
So at a large client it was perfect or so I thought, the SRP we put in place via GP minimized risk of damage from a CL infection. Apparently the guy who implemented the GPO only applied it to an OU for redeployed PCs and guess what. Yeah some guys dad declined redeployment to stick with 7 and opened a convincing email attachment. So started a recovery and damage assessment process. He had network mapped drives so the unmolested backups will set them back two days of productivity and not only that but for this guys PC we had hauled in someone thought they were doing well by running malwarebytes. Anyhow for the PSA bit as soon as the CL window pops up I think it's best to hold down the power switch for four seconds because a. Writes decrease chances of recovering deleted originals and b. Newer variants execute a destruction of volume shadow copies that would easily recover a lot of data.
Just when I thought this wasn't a problem any longer now I might have to reinfect and help to pay the ransom over the weekend. Those diabolical geniuses have my reluctant respect.
Just when I thought this wasn't a problem any longer now I might have to reinfect and help to pay the ransom over the weekend. Those diabolical geniuses have my reluctant respect.
Last edited: