Offline Ransomware is spreading among Russian users http://securityaffairs.co/wordpress/41742/cyber-crime/offline-ransomware-russia.html
Been following Cryptowall 4.0 discussion and findings over at: http://www.bleepingcomputer.com/for...lp-your-files-ransomware-support-topic/page-1 This bugger appears to be especially targeted at business; just as has been recently predicted future ransomware targets will be. CW 4.0 appears to have this consistent common characteristic: So far, all e-mails have the same theme: 163[.]com sending domain, fake resume .ZIP attachment containing a (malicious) .JS file. Eset had a signature for the payload within a day of "in the wild" discovery.
This one uses %ProgramFiles% directory. Again, a HIPS rule that monitors and alerts to changes of registry start up keys would allow you to thwart this bugger: To stay persistent on the infected machine, the ransomware creates the following registry key, previously copying the original executable to the %ProgramFiles% directory: Key: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\" Value: "pr" = "%ProgramFiles%\${RANSOMWARE_PATH}"
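As an added illustration of the HIPS-style check suggested above (example code written for this thread, not from the linked article or any vendor tool): it diffs a baseline of the HKLM Run key against a fresh snapshot in the text layout `reg query` prints and reports new or changed autostart values. The snapshots, the value names and the placeholder ransomware path are constructed sample data.

```python
import re
from typing import Dict, List, Tuple

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# `reg query` prints one value per line as:  <name>    <REG_type>    <data>
VALUE_RE = re.compile(r"^\s*(\S.*?)\s{2,}(REG_\w+)\s{2,}(.*?)\s*$")


def parse_reg_query(text: str) -> Dict[str, Tuple[str, str]]:
    """Return {value_name: (type, data)} from `reg query`-style output."""
    entries: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:  # the key header line has no REG_ type and is skipped
            entries[m.group(1)] = (m.group(2), m.group(3))
    return entries


def under_program_files(data: str) -> bool:
    """True if the command line starts under %ProgramFiles% (expanded or not)."""
    path = data.strip().strip('"').lower()
    return path.startswith("%programfiles%") or path.startswith("c:\\program files")


def diff_run_key(baseline: str, current: str) -> List[str]:
    """Alert on Run values that are new, changed or removed since the baseline."""
    before, after = parse_reg_query(baseline), parse_reg_query(current)
    alerts: List[str] = []
    for name, (rtype, data) in after.items():
        tag = " (under %ProgramFiles%)" if under_program_files(data) else ""
        if name not in before:
            alerts.append(f"NEW autostart value {name!r} -> {data}{tag}")
        elif before[name] != (rtype, data):
            alerts.append(f"CHANGED autostart value {name!r}: {before[name][1]} -> {data}{tag}")
    for name in sorted(before.keys() - after.keys()):
        alerts.append(f"REMOVED autostart value {name!r}")
    return alerts


# Constructed baseline: a legitimate entry under Program Files is already known,
# so "under Program Files" alone is not the signal; the change is.
BASELINE = "\n".join([
    RUN_KEY,
    "    SecurityHealth    REG_EXPAND_SZ    %windir%\\system32\\SecurityHealthSystray.exe",
    "    VendorUpdater    REG_SZ    \"C:\\Program Files\\Vendor\\updater.exe\" /quiet",
])
# Constructed snapshot after infection: the "pr" value from the post, with a placeholder path.
INFECTED = BASELINE + "\n    pr    REG_SZ    \"%ProgramFiles%\\RANSOMWARE_PATH_PLACEHOLDER.exe\""

if __name__ == "__main__":
    for alert in diff_run_key(BASELINE, INFECTED):
        print(alert)
```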
Cryptowall 4.0 comes from Russia, Bitdefender released a vaccine http://securityaffairs.co/wordpress/41862/cyber-crime/cryptowall-4-0-russia-vaccine.html
If you can live with this: This tool is great but it is not staying loaded on reboot… Local user does not have admin access to run install at startup every reboot. Is there a solution? Same problem reported by Wilders users: https://www.wilderssecurity.com/threads/bitdefender-free-cryptowall-vaccine.371399/
Cryptowall 4.0 now using Nuclear exploit kit. Make sure your systems are fully patched. http://www.bleepingcomputer.com/new...alled-by-exploit-kits-using-a-nsis-installer/