Cryptolocker 2.0 – new version, or copycat? http://www.welivesecurity.com/2013/12/19/cryptolocker-2-0-new-version-or-copycat/
CryptoLocker Creators Infected Nearly 250,000 Systems, Earned $300k Since September http://threatpost.com/cryptolocker-...000-systems-earned-30m-since-september/103261 • Further reading (referenced above but separated out for clarity): http://www.secureworks.com/cyber-threat-intelligence/threats/cryptolocker-ransomware/
Comments on torrent sites will now include tears of anger and hardcore drama. Using a crack, which hides a trojan which contains cryptolocker, to 'activate' the OS? Data loss deserved imo.
Wouldn't it be best to right-click attachments and open them with a program you specify? Or manually pick the program that is associated with the extension? If you got a .doc, then use Word. PDF = Adobe Reader. And so on. If the file is malicious and not a real .doc, then Word would choke on it. It would not open it, or it might ask to convert it or maybe display garbage. It gets around the multiple and hidden and incorrect filetype extension "problem". And this method doesn't let code execute - it is simply read by the selected program passively. This seems stupid-simple. What am I missing?
That is how I open files usually. This security website (now somewhat dated) is where I got the idea: http://www.claymania.com/safe-hex.html#4
The guy who runs FoolishIT had to do what the idiots at Microsoft never did: allow home users to create Software Restriction Policies for home versions of Windows. These can easily be created on business and enterprise versions of Windows, but Microsoft never saw fit to extend the protection to individual PC users. Until now, there's been no easy way to do that on home versions of Windows. Microsoft could have offered a tool to allow Windows %AppData% folders to be easily secured but thought it wasn't needed. Microsoft has learned a very expensive lesson - that in future versions of Windows, it will need to provide the same security tools for ALL Windows environments. The problem of sophisticated ransomware is a growing one. Ultimately, best computing practices will always save the day: NEVER download a file from someone you don't know or that looks too good to be true. CryptoLocker has been successful because it doesn't require an elevated privilege to execute, and when it does run it runs silently without need of user interaction, and by the time it's discovered, it's too late to mitigate the damage. That said, prevention works: NEVER download files from untrusted sources. Have your ISP's mail settings configured to disallow spam e-mail with attachments and disallow ANY e-mail with double extensions - no legitimate e-mail is ever going to use a double extension! Install hardening tools like K-9 Web Protection to wall off compromised and infected domains - SpywareBlaster also lets you set a custom blocklist on what sites can access your browser. Legitimate programs can be secured with EMET to harden them against unknown exploits. Keep your Windows, Java and Flash patches up to date. Install a classical HIPS to block malware from running at the source. CryptoPrevent can apply software restriction policies to vulnerable locations to keep CryptoLocker from running there and modifying them. Make sure you have AV installed and keep it up to date.
And have your firewall set up to allow outbound access only to Internet-facing programs that really require it. And a virtual restore product like Rollback RX is far superior to Windows Restore, so if a ransomware should somehow get through, you can go back in time to a date BEFORE any file encryption occurred. Finally, do regular backups and if they're critical data, make hard copies of them and put them in a safe place. You might not be able to always stop malware, as it's a never-ending evolutionary arms race between malware coders and Internet security companies. But with common sense you can avoid falling prey on the Internet to the cybercriminals who roam it.
I've been preaching this for years. Ultimately, a backup is probably the most important step. Not only will it rescue one from Crypto or other malware, but it will also bail one out of a borked h/drive or system.
New CryptoLocker Spreads Via Removable Drives http://blog.trendmicro.com/trendlab...ew-cryptolocker-spreads-via-removable-drives/
Will a USB Flash Drive that has been 'vaccinated' with Panda USB Vaccine block the spread of this New CryptoLocker?
If I were to install CryptoPrevent, is there also an "uninstall" provision should I have problems - or, how do you remove/reverse all the registry entries it makes?
CryptoPrevent has an "undo" feature that is supposed to reverse the changes, although I have not tested it.
TomAZ, while both versions do the same thing, with the portable version, there's no need to uninstall the software.
On their CryptoPrevent page, under the Undo section, it states: "You may undo the protection at any time by using the Undo button in the main interface."
You can undo those policies. A better option is to whitelist legitimate Internet-facing programs that might need to write to the %AppData% folder. The reason for the policy restrictions is to keep ransomware like CryptoLocker from installing to certain areas on your PC in the first place. But new variants of CryptoLocker will try to defeat efforts to block it, so anti-CryptoLocker software will have to be kept updated to effectively counter new threats.
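The two posts above describe what CryptoPrevent does (Software Restriction Policy path rules that block executables under %AppData%, plus whitelisting of legitimate programs that live there, with an undo). The script below is an added example of that mechanism, written for this thread; it is not CryptoPrevent's code and does not reproduce its rule set. It writes the machine-policy SRP keys under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers directly, which is why it also works on Home editions that lack secpol.msc. The whitelisted program path is a placeholder to be replaced with a real one; run the script elevated.

```powershell
# Added example: manage Software Restriction Policy (SRP) path rules from PowerShell.
# Not CryptoPrevent's implementation. Writes the same policy keys the Local Security
# Policy editor uses, so it works on Home editions too. Requires an elevated prompt.

$SaferRoot    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0        # SRP security level "Disallowed"
$Unrestricted = 262144   # SRP security level "Unrestricted" (0x40000)

function Initialize-Srp {
    # Policy root with defaults: everything runs unless a Disallowed rule matches.
    New-Item -Path $SaferRoot -Force | Out-Null
    Set-ItemProperty -Path $SaferRoot -Name DefaultLevel       -Value $Unrestricted -Type DWord
    Set-ItemProperty -Path $SaferRoot -Name TransparentEnabled -Value 1 -Type DWord  # 1 = check executables, not DLLs
    Set-ItemProperty -Path $SaferRoot -Name PolicyScope        -Value 0 -Type DWord  # 0 = apply to all users
}

function Add-SrpPathRule {
    # One path rule = one GUID-named subkey under <level>\Paths with an ItemData value.
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][int]$Level,
        [string]$Description = 'Added by Add-SrpPathRule'
    )
    $guid = '{' + [guid]::NewGuid().ToString() + '}'
    $key  = "$SaferRoot\$Level\Paths\$guid"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name ItemData     -Value $Path        -Type ExpandString
    Set-ItemProperty -Path $key -Name SaferFlags   -Value 0            -Type DWord
    Set-ItemProperty -Path $key -Name Description  -Value $Description -Type String
    Set-ItemProperty -Path $key -Name LastModified -Value ([datetime]::UtcNow.ToFileTimeUtc()) -Type QWord
    return $key
}

function Get-SrpPathRules {
    # List every path rule so you can see what is blocked and what is whitelisted.
    foreach ($level in $Disallowed, $Unrestricted) {
        $paths = "$SaferRoot\$level\Paths"
        if (-not (Test-Path $paths)) { continue }
        Get-ChildItem $paths | ForEach-Object {
            [pscustomobject]@{
                Level = if ($level -eq $Disallowed) { 'Disallowed' } else { 'Unrestricted' }
                Path  = (Get-ItemProperty $_.PSPath).ItemData
                Key   = $_.PSPath
            }
        }
    }
}

function Remove-SrpPathRules {
    # "Undo": drop all path rules at both levels, leaving the default (Unrestricted) policy.
    foreach ($level in $Disallowed, $Unrestricted) {
        $paths = "$SaferRoot\$level\Paths"
        if (Test-Path $paths) { Remove-Item $paths -Recurse -Force }
    }
}

Initialize-Srp

# Block executables launched from the user-writable profile locations CryptoLocker used.
foreach ($p in '%AppData%\*.exe', '%AppData%\*\*.exe', '%LocalAppData%\*.exe', '%LocalAppData%\*\*.exe') {
    Add-SrpPathRule -Path $p -Level $Disallowed -Description 'Block exe under AppData' | Out-Null
}

# Whitelist one legitimate program installed under AppData (placeholder path; replace it).
Add-SrpPathRule -Path '%LocalAppData%\ExampleVendor\ExampleApp\app.exe' `
                -Level $Unrestricted -Description 'Whitelist example app' | Out-Null

Get-SrpPathRules | Format-Table -AutoSize
```

SRP resolves conflicts in favour of the more specific path, which is why the single Unrestricted rule for the whitelisted program wins over the Disallowed wildcard that covers its folder. New process launches pick the rules up; if a change does not seem to apply, log off and on again. The `%AppData%\*\*.exe` pattern is only one level deep by design: widen it if you need deeper subfolders covered, and run `Get-SrpPathRules` after any change so you know exactly what `Remove-SrpPathRules` will undo.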
This is really a bloody ~snipped~! But do antivirus programs keep updating their databases to cover all the variants? Or is it better to buy an antimalware?
You can check CryptoPrevent for updates manually from within the program. A premium version is also available that updates automatically. CryptoPrevent is not an AV or antimalware program -- it's just a tool to change Windows software execution policies on non-business versions to reduce the risk surface.