Catch Cryptolocker in the act
We have created a script for LabTech that you can schedule against any system to scan for possible Cryptolocker Decrypt Files, a sure sign that you have been infected.
The script can be scheduled against all agents; if an agent is a Mac or Linux system, the script skips it. The probe scans each drive letter found and then reviews that scan to see if it has found any files. Once it finds a file it will email an address, but you can easily have it create a ticket or even set an alarm state.
When executing the probe against a system, you can monitor the Scripts tab for the progress of the probe.
As the image above shows, a scan takes just a minute to complete. The C drive scan started at 1:08:34 and ended at 1:09:51, so the scan took 1 minute and 17 seconds to scan an 80GB hard drive.
Version 1.0.1 download
Enjoy Cubert
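The scan described above, written as a standalone PowerShell function. This is an added example, not the LabTech script from the post: the function name Find-DecryptNote and its parameters are assumptions, and the default pattern is the dir pattern quoted in the comments below.

```powershell
# Added example: scan local fixed drives for Cryptolocker-style "decrypt" text files.
# Function and parameter names are illustrative, not taken from the LabTech script.
function Find-DecryptNote {
    param(
        # '*decrypt*.txt' matches any .txt with "decrypt" in the name;
        # 'decrypt*.txt' only matches names that start with it (fewer false hits).
        [string]$Pattern = '*decrypt*.txt',
        # Roots to scan; when omitted, every local fixed disk is scanned.
        [string[]]$Root
    )

    # Same behaviour as the post describes: non-Windows agents are skipped.
    if ($env:OS -ne 'Windows_NT') {
        Write-Verbose 'Not a Windows system, skipping scan.'
        return
    }

    if (-not $Root) {
        # DriveType 3 = local fixed disk (excludes network, optical, removable).
        $Root = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=3' |
            ForEach-Object { $_.DeviceID + '\' }
    }

    foreach ($r in $Root) {
        $timer = [System.Diagnostics.Stopwatch]::StartNew()
        # -Force includes hidden/system files; unreadable folders are skipped quietly.
        $hits = @(Get-ChildItem -Path $r -Filter $Pattern -File -Recurse -Force `
                    -ErrorAction SilentlyContinue)
        $timer.Stop()

        # One result object per drive, so the caller decides how to alert.
        [pscustomobject]@{
            Root    = $r
            Pattern = $Pattern
            Seconds = [math]::Round($timer.Elapsed.TotalSeconds, 1)
            Count   = $hits.Count
            Files   = $hits.FullName
        }
    }
}

# Report only the drives where something matched.
Find-DecryptNote | Where-Object Count -gt 0 | Format-List Root, Seconds, Count, Files
```

Any drive reported with a non-zero Count is what the post's script would email about; sending the email, opening a ticket or setting an alarm state is left to the caller.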
Great work, was just working on one of these. Do you have a recommended scan frequency?
Looks like you’re running the new LT beta – how’s that working out for you?
Doesn't seem to allow me to access it after importing to 2013
I edited line 13 because it found everything with Decrypt in it.
I changed it to:
dir /s decrypt*.txt
First it was:
dir /s *decrypt*.txt
It works fine for me.
I just imported this script into LT 2013. It gave me an error when I tried to open the script.
Error loading script: Arithmetic Operation resulted in an overflow.
Is this script made for LT 10 only? Please let me know. This script can be a huge help for us!
Thanks in advance!
Can someone please help me out? I can’t import this script to my LT 2013 version. Is this script made for LT 10?