Tuesday, March 15, 2016

Protect your systems against Ransomware / CrypVault using GPO

Hi guys,
In this post I will show you how to block the gpg.exe that is used by Ransomware named CrypVault for file encryption.

Create a GPO (I will attach my GPO so you can import the settings!)
User Configuration/Policies/Windows Settings/Software Restriction Policies/Additional Rules
Create Path and Hash Rules for the known gpg.exe Versions.

The virus will not able to execute the tool anymore.

I would recommend to add all gpg.exe hashes to the Policy, because the exclusion of gpg.exe and gpg2.exe will not apply if the EXE will be renamed!

The attached GPO including the paths and all Hashes of gpg.exe up to version 2.3.0.

You can import this GPO by creating a new GPO, right-click it and Select Import Settings. Follow the wizard to import the settings.

Please test before you implement this setting and also verify that this tool is not used by your users.

If your users are using the gpg.exe, you can only restrict the execution to %temp%, because the virus will copy the gpg.exe to this location the most time...

Monday, March 7, 2016

Unlock AD User account using Powershell after entering the username

This script is to unlock an AD user account after entering the username.

You have to enter the username and after that the account will be unlocked.

If the account is not locked out you will receive a message that the account is not locked out.


Thursday, March 3, 2016

Check AD User Credentials based on entered username using Powershell

This script is to verify credentials for a specified user.

After you run this script you have to enter the username and password.

Find attached a screenshot how the outputs should look like ->

Download the script

If you want to verify multiple AD user accounts you can use my other script.