CryptoLocker

Discussion in 'malware problems & news' started by DX2, Sep 10, 2013.

  1. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Whitehats recover, release keys to CryptoLocker ransomware
     
  2. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Cryptolocker flogged on YouTube
    http://www.theregister.co.uk/2014/08/20/cryptolocker_flogged_on_youtube/
     
  3. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,546
    Location:
    Triassic
    Just updated CryptoPrevent to V7.1

    Using default configuration. Would be interested if anybody is using any of the advanced options.

    NB: No compat issues with my AV, MBAM, SBIE or EMET
     
  4. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
  5. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,546
    Location:
    Triassic
    With CryptoPrevent V6 some users reported compat issues with MBAM and MBAR, but I did not see those in V7.1. Maybe one or the other preset an exclusion.
     
  6. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Ransomware takes malware from bad to worse
    http://www.csoonline.com/article/2836976/data-protection/ransomware-malware-bad-worse.html
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
    https://www.us-cert.gov/ncas/alerts/TA14-295A
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    New cryptoware title borrows page from drug dealers
    http://arstechnica.com/security/2014/11/new-cryptoware-title-borrows-page-from-drug-dealers/
     
  9. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Ransom malware attacks underscore limitations of anti-virus software
    http://news.techworld.com/security/...nderscore-limitations-of-anti-virus-software/
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  11. DX2

    DX2 Guest

    Odd question. What if you have an encrypted drive, say from TrueCrypt or BitLocker. Can CryptoLocker still lock your files that are encrypted?
     
  12. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Yes, as CryptoLocker and variants encrypt at the file system level and TrueCrypt at the sector level.
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    If the drive is encrypted and is not accessible to the user (the password was not entered), the malware wouldn't see the files stored on the drive, so it wouldn't have anything to encrypt. Except if it decides to encrypt the whole drive (I haven't heard of such a case yet) - then you would have your data encrypted twice.
    If the drive is accessible to the user (decrypted by password), the malware can encrypt those files just as any others.
    The same goes for encrypted containers.
     
  14. DX2

    DX2 Guest

    Thanks for your answers. Just a question I was wondering about.
     
  15. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    New ransomware isn't just malware, it's a virus – a true virus; a self-replicating parasite that spreads of its own accord.

    "Notes from SophosLabs: Ransomware with a difference - this one is a true virus!...

    But this new ransomware isn't just malware, it's a virus – a true virus; a self-replicating parasite that spreads of its own accord.

    Once it gets into your network, even if it infects only a single computer, it may soon end up all over the place, even if no-one opens dodgy attachments or already has zombie malware infections waiting to be exploited.

    A parasitic virus, in contrast to a worm, doesn't spread merely by making copies of itself.

    Parasitics find other programs and modify them to include a copy of the virus, using the original file as a host or carrier.
    Worms versus parasitics

    Most worms leave you with one, or perhaps a handful, of infected files that weren't there before and need to be deleted.

    Parasitic viruses, in contrast, may leave you with hundreds of infected files on each computer, or thousands, or more.

    If you leave even one of those infected files behind after a clean-up, the infection will start up all over again.

    Worse still, the infected files can't just be deleted, because they are your own files that were there before the infection started."

    https://nakedsecurity.sophos.com/20...Feed: nakedsecurity (Naked Security - Sophos)
     
  16. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    While the current Cryptolocker and variants select particular file types for encryption, do not presume that future versions won't go for encrypted containers. These are identifiable, and some people do not adequately back up the header, for example. Containers are also not protected against arbitrary corruption (at the sector level), which would damage the contents.

    As well as system controls, offline backup is your friend. I also use Sandboxie as a primitive form of disk firewall to apps, but I'd like something far more powerful, perhaps built into a Truecrypt derivative.
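Since, as the replies above note, a mounted TrueCrypt or BitLocker volume presents plain files to every process and CryptoLocker-era variants target particular document types, one defender-side check is to look for documents whose bytes no longer match their own format. The Python scan below is an added example, not code from this thread or from any product named in it; the sample files, the magic-byte table and the 7.5 bits/byte threshold are assumptions of the example.

```python
"""Heuristic scan for document files that look ransomware-encrypted.

Two checks per file (constructed example, not from any product):
  1. magic-byte mismatch: the file no longer starts with the header its
     extension implies (a .docx is a ZIP and must begin with b"PK\x03\x04");
  2. entropy: uncompressed text formats (.txt, .csv) sit well below
     7.5 bits/byte, whereas ciphertext is close to 8.
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed headers for formats that CryptoLocker-era variants target.
MAGIC = {".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
         ".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff"}
TEXT_EXTS = {".txt", ".csv"}
ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of the given buffer."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: Path) -> bool:
    """True when the file's content no longer fits its extension."""
    ext = path.suffix.lower()
    head = path.read_bytes()[:4096]  # header plus first block suffices
    if ext in MAGIC:
        return not head.startswith(MAGIC[ext])
    if ext in TEXT_EXTS:
        return shannon_entropy(head) > ENTROPY_LIMIT
    return False  # unknown type: no opinion

def scan(root: Path) -> list[str]:
    """Sorted relative paths of suspicious files under root."""
    return sorted(str(p.relative_to(root)) for p in root.rglob("*")
                  if p.is_file() and looks_encrypted(p))

def demo() -> list[str]:
    """Build a constructed sample tree (two intact, two 'locked') and scan it."""
    root = Path(tempfile.mkdtemp())
    (root / "notes.txt").write_bytes(b"Quarterly notes. " * 200)
    (root / "report.docx").write_bytes(b"PK\x03\x04" + b"\x00" * 100)
    (root / "report_locked.docx").write_bytes(os.urandom(2048))  # simulated ciphertext
    (root / "ledger.csv").write_bytes(os.urandom(2048))          # simulated ciphertext
    return scan(root)

if __name__ == "__main__":
    print(demo())  # ['ledger.csv', 'report_locked.docx']
```

Compressed formats (.docx, .pdf, .jpg) are already high-entropy, which is why they get the magic-byte check rather than the entropy test; a real deployment would also watch the rate of such changes.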
     
  17. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "Here Comes Reveton: Ransomware

    The ransomware scourge that made many small and midsize businesses scramble to recover locked-up systems in 2014 is continuing to clobber PCs despite a law enforcement crackdown that effectively squashed the nefarious CryptoLocker malware.

    Reveton, a threat that spread mainly in Europe and tied up systems while displaying a phony law enforcement warning, has surged in recent months and is now being detected hammering systems in the U.S. The health-care industry appears to have felt the brunt of the latest surge of the malware, according to an analysis of the latest variant issued by Trend Micro Thursday.

    More than 60 percent of Reveton infections spotted by the security vendor have been in the U.S. and the malware's new infection method is behind the expansion, the company said. Rather than an executable file, Reveton infects systems with a DLL file extension.
    "The difference here is that a user whose system is infected by any of these recent Reveton malware variants won't easily suspect that there's a malicious application running in the system via Task Manager," Trend Micro said..............."

    Full Story: http://www.crn.com/news/security/30...e-is-keeping-solution-providers-very-busy.htm
     
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    http://www.nytimes.com/2015/01/04/opinion/sunday/how-my-mom-got-hacked.html
     
  19. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  20. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  21. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    CryptoPrevent 7.4.2 was released on 11/1/14

    https://www.foolishit.com/vb6-projects/cryptoprevent/

    "There are a number of new CryptoLocker clones emerging that can also be prevented by CryptoPrevent. The majority of these are protected against by default protections with their older versions, but newer variants are coming out that can only be stopped by the Maximum Protection + Program Filtering (BETA) option, which uses a definitions based system to keep current with known malware threats. This is however a “BETA” which means it is not fully tested on all platforms. Note this option is not available with the portable edition of CryptoPrevent.


    Update 11/1/14 – some reports indicated that there were issues with existing security software and the BETA protection, however with the 7.4.2 release those issues appear to be resolved."
     
  22. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
  23. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  24. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Last edited: Jan 14, 2015
  25. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618