This content has been updated since the original publication. You can find all of our updated protection techniques in our Ransomware Prevention Kit. http://www.thirdtier.net/ransomware-prevention-kit/
What is a Tell?

A tell is something that you put into place as an at-a-glance confirmation that it worked. “It” can be anything that you need to know with certainty. In our Cryptolocker Prevention Kit, the GPOs were exported from my explorations in blockage, and they contain a tell. I’ve used tells rarely. In fact, it’s been years. I think the last time was in backup procedures, when we needed to be certain that particular folders were backed up and the folder structure edited afterwards. We did this by adding a tell to the end of the scripts that we used. This way we could see the tell at a glance and know that our folder structures got updated after last night’s backup, without having to go in and wade through the folder structure itself.
This time I wanted a way to enlist end users of computers in the offices that I support remotely to let us know if, for some reason, the group policies that we rolled out to block Cryptolocker didn’t get applied to their computer. Sure, I could run reports across my entire client base, but in my experience enlisting the assistance of users in situations like this one reinforces the seriousness of the situation and helps raise awareness among the users. We know that these GPOs aren’t the only way to prevent Cryptolocker, that they might not work in every instance, and that they might stop preventing it in the future. Such is the nature of ever-evolving infections. But I do know that educated users can prevent it always. The “tell” helps me enlist them in providing the solution. Anyone and everyone will report if they don’t see that little cloud icon on the desktop with our initials on it, and they will remember that they are supposed to be diligent and on the lookout for odd behavior. We told them what behavior to look for. That little cloud is a reminder to keep looking.
Here’s the tell that we used.
Where the icon file goes to isn’t important. In fact, when we developed it there was no target URL, but then we realized that people might click an icon on their desktop (who doesn’t?), so we added the URL for our blog.
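The same tell can also be checked by script, for example from a logon script or a remote management tool. The following is an added example, not part of the original post or the kit; it assumes the tell is an Internet shortcut (.url file) on the desktop, and the file name `Tell.url` and the expected URL are placeholders to replace with your own.

```powershell
# Added example: report whether the desktop "tell" shortcut is present.
# Assumptions (not from the original post): the tell is a .url Internet
# shortcut named 'Tell.url' (hypothetical) that points at $ExpectedUrl.
param(
    [string]$TellName    = 'Tell.url',                 # hypothetical file name
    [string]$ExpectedUrl = 'http://www.thirdtier.net'  # placeholder: the URL your tell uses
)

function Get-TellStatus {
    param([string]$TellName, [string]$ExpectedUrl)

    # The shortcut may be on the all-users desktop or the user's own desktop.
    $desktops = @(
        [Environment]::GetFolderPath('CommonDesktopDirectory'),
        [Environment]::GetFolderPath('DesktopDirectory')
    ) | Where-Object { $_ } | Select-Object -Unique

    foreach ($dir in $desktops) {
        $path = Join-Path $dir $TellName
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

        # A .url file is INI-style text; the target is on the 'URL=' line.
        $line = Get-Content -LiteralPath $path |
            Where-Object { $_ -match '^\s*URL\s*=' } | Select-Object -First 1
        $url = if ($line) { ($line -split '=', 2)[1].Trim() } else { $null }

        # A tell that exists but points elsewhere is worth a second look.
        $ok    = $url -and ($url.TrimEnd('/') -eq $ExpectedUrl.TrimEnd('/'))
        $state = if ($ok) { 'Present' } else { 'PresentButAltered' }
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; User = $env:USERNAME
            State = $state; Path = $path; Url = $url
        }
    }

    # No tell on any desktop: the policy probably did not apply here.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME; User = $env:USERNAME
        State = 'Missing'; Path = $null; Url = $null
    }
}

$status = Get-TellStatus -TellName $TellName -ExpectedUrl $ExpectedUrl
$status
if ($status.State -ne 'Present') { exit 1 }   # non-zero exit for monitoring tools
```

A `Missing` result means the same thing as a user reporting that the cloud icon is gone: check whether the GPOs applied to that computer.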
If you find this kind of material useful, consider joining the SMBKitchen Project. You can find out more about us at http://www.thirdtier.net