One of our computers has been hit with ransomware. It encrypts only Excel files and changes the format to .zepto. It spread to some shares, which I was able to restore. The computer is off the network and shut down awaiting reformat. Our SEPM and clients are up to date. Nothing in the reports, notifications, or client logs showed any infection that I saw.
It happened by a user accessing Yahoo email (personal) and clicking on something. Now clearly it's better for a workplace not to be able to access external emails, I know, but I can't change that (even though I'd love to). Anyway, as I was saying, we've had a lot of ransomware/cryptolocker come through via email and SEP has done a fantastic job in all of them except this particular one.
Does anyone have any ideas, thoughts, or tips for something like this? I realize no AV is perfect and cannot possibly know every single thing out there right away, so I just wanted to share this.
Thank you
Zero Cheese