So my company was hit with crypto virus twice in the last two and a half weeks. Luckily we got everything under control in time and thankfully did not have to pay a single cent. But as a pro-active measure I wrote a small crypto virus scanner script that scans our file server for files with the .enc extension every 15 minutes and if it finds such a file, it will email you.

$ServerName = gc env:computername
$SmtpClient = new-object
$MailMessage = New-Object
$MailMessage.Body = ""
$SmtpClient.Host = ""
$MailMessage.from = ("")
$MailMessage.Subject = $ServerName + "Crypto virus detected"
$dst = "e:\Data"
$ext = "*.enc"
function Send-Email {
$found = get-childitem $dst -Recurse -Filter $ext | Measure-Object | Select-Object -ExpandProperty Count
if ($found -gt 0){
$MailMessage.Body += "Found $found files with .enc extension on $ServerName. Possible crypto virus infection requires urgent attention"

October 7, 2016
