CryptoLocker

Discussion in 'malware problems & news' started by DX2, Sep 10, 2013.

  1. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
  2. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,079
    Location:
    DC Metro Area
    "Cryptolocker 3.0 scum bounce victims over Invisible net

    Cryptowall 3.0 uses Tor and its little sister I2P to carry chatter between victims and controllers keeping it away from researchers and law enforcement, French anti-malware crusaders say.
    Researchers Kafeine (@Xylitol) and Horgh (@Horgh_RCE) have released a technical analysis on the malware identified by Microsoft late last year to be on the rise.

    "It seems communication with the C&C (command and control) are Rc4 encoded -- the key seems to be alpha-numerical sorted path of the POST -- and using I2P protocol," Kafeine wrote in his analysis.

    "So they are sadly back and we can expect a lot of them in [developing] exploit kits, spam, and botnets........"


    http://www.theregister.co.uk/2015/01/15/cryptolocker_30_scum_bounce_victims_over_invisible_net/
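
Added example, not part of the thread or of the quoted analysis: a decoder an analyst could run over a captured POST, reading the quoted description literally (RC4, key taken from the sorted POST path). The key rule (alphanumeric characters of the last path segment in ascending ASCII order), the function names and the sample path and body are assumptions constructed for illustration.

```python
# Added example: RC4 decode with a key derived from the POST path.
# ASSUMPTION: the key is the alphanumeric characters of the last path
# segment, sorted in ascending ASCII order. Sample data is constructed.

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); the same call encodes and decodes."""
    if not key:
        raise ValueError("empty RC4 key")
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation + XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def key_from_post_path(path: str) -> bytes:
    """Derive the key from a request path (hypothetical helper)."""
    # Drop any query string, then keep only the last path segment.
    segment = path.split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1]
    chars = sorted(c for c in segment if c.isascii() and c.isalnum())
    return "".join(chars).encode("ascii")

def decode_captured_post(path: str, body: bytes) -> bytes:
    """Decode one captured POST body using the key implied by its path."""
    return rc4(key_from_post_path(path), body)

if __name__ == "__main__":
    path = "/x7k2a9b"                                    # constructed path
    body = rc4(b"279abkx", b"constructed sample body")   # constructed body
    print(key_from_post_path(path), decode_captured_post(path, body))
```

A path with no alphanumeric characters in its last segment yields an empty key and raises `ValueError` rather than returning undecoded bytes.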
     
  3. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Those of you who are using CryptoPrevent, what option did you all choose (Basic, Default, Maximum Protection, Maximum Protection with Filtering)?

    Plus, is the program overall worth installing and using?
     
  4. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    737
    Location:
    The Valley Arizona
    Maximum Protection with Filtering has never worked on any of the (2) versions I've used where it's presented as an option. I asked the developer about that, and never received a straight answer. So I settled for Maximum Protection. As to whether it's worth installing, I thought it was better than having nothing. But as is the case with most security apps, it's up to the user's judgment.
     
  5. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    The concept is simple, i.e. crypto-ransomware uses various folder locations to run and do its dirty work. CryptoPrevent prevents malware from executing in those folders. I use it at the Default level. For better protection it advises "Maximum" but also says that it may interfere with the installation of legitimate software at that level. If you don't mind turning it off before installing software then the Maximum setting makes sense. If I wasn't using HMPAlert (with CryptoGuard) I would set CryptoPrevent at Max. There is also Maximum Protection with program filtering currently in beta; haven't tried it. Note there is also a support forum for CryptoPrevent on the foolishit website.

    I think it's definitely worth using, but I wouldn't rely on it exclusively. HMPAlert will actively intercept the ransomware and block the data encryption process. There's also the need to have some backups ;)
     
  6. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Thank you @aztony and @Victek for all the information and overall help, I appreciate it.
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,493
    Location:
    Texas
    http://www.net-security.org/malware_news.php?id=3028
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,493
    Location:
    Texas
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    You can buy a Cryptolocker/Cryptowall Ransomware Kit for $3,000
    http://securityaffairs.co/wordpress/41977/cyber-crime/ransomware-kit-for-sale.html

     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  11. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Moreover, the new Dyreza (Cryptolocker/Cryptowall 3.1) the info-stealer malware now includes support for Windows 10. This new variant can also hook to Microsoft Edge to collect data and then send it to malicious servers.
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
  13. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    Does anyone know whether CryptoPrevent is compatible with the anti-ransomware module of Bitdefender 2016?
     
  14. Nanobot

    Nanobot Registered Member

    Joined:
    Jun 23, 2010
    Posts:
    473
    Location:
    Neo Tokyo