Discussion in 'other anti-malware software' started by justenough, Nov 4, 2013.
What would you use along with secure backups and being careful opening email attachments?
Nothing extra, already prepared for such scenarios since CryptoLocker isn't any new type of malware.
I'd say that backup is the most important prevention measure you can take. Of course, preventing a malicious executable from running in the first place (by using on-access AV, or a low-privilege account, anti-executable, and so on) is an added bonus.
My plan is simple: don't let it happen.
1. Using Sandboxie for web-facing apps.
2. I also use AppGuard, which should also do a nice job of preventing that nasty.
3. Backup, backup, backup: both image and data backups.
Just read about this pest. The moral is: don't click on attachments in emails.
I'm not the slightest bit worried.
I'm using Sandboxie; there's really nothing to be paranoid about. Do what you do every day and stay away from the dark side, and you'll be just fine.
A standard user account and a software restriction policy, although I've been using this setup for several years, not because of CryptoLocker.
Also try CryptoPrevent.
Have you tried CryptoPrevent? I wonder how effective it is at preventing CryptoLocker and if it ever "breaks" other software?
Apparently at the moment it prevents CryptoLocker by setting SRP rules for the path that CryptoLocker presently uses.
OTOH, I think we can be sure that the author/authors of CryptoLocker are also aware of CryptoPrevent. It would be pretty simple for them to change the code and have it copy itself to My Pictures, My Music, or whatever.
With a limited account and a software restriction policy malware can't execute in those directories either, so it's a better solution.
CryptoPrevent, from what I can see, allows you to whitelist any executables already in the directories where it blocks execution. Of course it would be prudent to check first that CryptoLocker isn't already there. With SRP you'd have to make an additional rule in Group Policies for any legitimate executable in those areas. Google Chrome is one known abuser of this. Applications aren't supposed to install there, but rather in Program Files.
I feel safe enough. I don't open unknown emails, I have enough exploit prevention, and on top of that I have CryptoPrevent and Avast's hardened mode, and to back that up I have backups, so I'm good.
I always run PDF files in a restricted sandbox. If somehow I download a file infected with this kind of malware, when I click on it I should get a warning from SBIE that a program that's not allowed to start and run has attempted to do so. That would be enough to make me aware that there is a problem with this file that is supposed to be a PDF but isn't one.
1. Sandboxie (when browsing and using Thunderbird);
2. Since I'm using Toolwiz Time Freeze daily and always, 'CryptoLocker' [like other FBI-type 'ransomware'] has no way to romp;
3. Image backup with Macrium Free; to keep some last known good system, Toolwiz Time Machine (beta version).
Nothing really special. I just deal with it like I deal with other malware and my neighbors: try to minimize interaction with them by closing as many threatgates as possible.
P.S.: And of course, backup to external storage media. Multiple backups I might add.
Are your neighbours that bad?
I have a backup of personal data and a system image on an external (disconnected) drive.
Safe browsing with Sandboxie and following safe computing practices also make me feel safe.
If by any chance I get infected, I can re-image and restore data in a few hours.
No additional steps have been taken, just my regular setup; I believe it should take care of my browsing habits.
1st protection layer - Using ABP + NoScript in Firefox (reduces JS exploits by not executing 3rd-party scripts) and HitmanPro.Alert
2nd protection layer - ESS
3rd protection layer - SecureAPlus + SmartScreen to stop unknown executables from starting.
Pretty much like SpongeBob SquarePants and Patrick Star. Still better than the people who lived around our previous house, though. One of them burnt garbage right in front of our house, and chickens got into our yard and dropped their "payloads". They contributed very well to the process of making me lose my sanity.
Back to CryptoLocker, I don't see the need to create some special treatments to deal with it. Sure, it's scary. But it's not much different than the typical ransomware in general.
1) Prevent dropper execution with a default deny on execute file / traverse folder in the download/internet folders (ACL)
2) Prevent payload execution with a default deny for Basic Users (SRP)
3) Prevent the payload from surviving a reboot by locking user autorun entries
Of course HIPS, policy containment (DefenseWall, AppGuard), application virtualisation (Sandboxie, BufferZone), FW/HIPS (Comodo, Outpost), anti-executable (AE, VoodooShield, ERP, SecureAPlus), or a combination (Safe'nSec, PrivateFirewall) will do.
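The three layers in the post above, plus the CryptoPrevent-style %AppData% path rules and the "check what's already there before you block it" step from the earlier CryptoPrevent discussion, as one added PowerShell example. This is not code from the thread, from CryptoPrevent, or from any product named here; it uses the standard SRP registry layout under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer, icacls, and registry ACLs. The folder list, rule descriptions and the choice of which paths to allow are assumptions, so try it in a VM first: with a default-deny SRP, anything outside Program Files and Windows stops running.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread or from CryptoPrevent. Assumptions: the
# allowed/denied folder list and the descriptions are illustrative choices.

$srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0x00000   # SRP security levels
$BasicUser    = 0x20000
$Unrestricted = 0x40000

function Add-SrpPathRule {
    param([string]$Path, [int]$Level, [string]$Description = '')
    # SRP keeps one subkey per rule under <CodeIdentifiers>\<level>\Paths\{guid}
    $key = Join-Path $srp ('{0}\Paths\{1}' -f $Level, [guid]::NewGuid().ToString('B'))
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name ItemData     -Value $Path        -PropertyType ExpandString -Force | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags   -Value 0            -PropertyType DWord        -Force | Out-Null
    New-ItemProperty -Path $key -Name Description  -Value $Description -PropertyType String       -Force | Out-Null
    New-ItemProperty -Path $key -Name LastModified -Value ([DateTime]::Now.ToFileTime()) -PropertyType QWord -Force | Out-Null
}

# Pre-check: executables already living in user-writable profile folders will
# stop working under default deny and need an Unrestricted rule of their own
# (a per-user Chrome install under %LocalAppData% is the usual case).
function Get-UserProfileExecutables {
    $dirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, "$env:USERPROFILE\Downloads")
    Get-ChildItem -Path $dirs -Recurse -Include *.exe, *.scr, *.pif, *.com -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName
}

# Layer 1: deny execute/traverse on Downloads for the Users group (SID form,
# so it works in any display language). Saving and reading files still works.
function Set-DownloadsNoExecute {
    param([string]$Folder = "$env:USERPROFILE\Downloads")
    icacls $Folder /deny '*S-1-5-32-545:(OI)(CI)(X)' | Out-Null
}

# Layer 2: SRP default deny; only Program Files and Windows may run.
function Set-SrpDefaultDeny {
    New-Item -Path $srp -Force | Out-Null
    Set-ItemProperty -Path $srp -Name DefaultLevel       -Value $Disallowed -Type DWord
    Set-ItemProperty -Path $srp -Name TransparentEnabled -Value 1 -Type DWord   # 1 = all executables except DLLs
    Set-ItemProperty -Path $srp -Name PolicyScope        -Value 0 -Type DWord   # 0 = applies to every user, admins included
    Add-SrpPathRule -Path '%ProgramFiles%'      -Level $Unrestricted -Description 'Allow Program Files'
    Add-SrpPathRule -Path '%ProgramFiles(x86)%' -Level $Unrestricted -Description 'Allow Program Files (x86)'
    Add-SrpPathRule -Path '%SystemRoot%'        -Level $Unrestricted -Description 'Allow Windows'
    # Explicit deny rules for the profile paths the thread mentions. Redundant
    # under default deny, but they keep biting if DefaultLevel is later set
    # back to Unrestricted, which is the mode CryptoPrevent-style rules rely on.
    foreach ($p in '%AppData%\*.exe', '%AppData%\*\*.exe',
                   '%LocalAppData%\*.exe', '%LocalAppData%\*\*.exe', '%Temp%\*.exe') {
        Add-SrpPathRule -Path $p -Level $Disallowed -Description "Block $p"
    }
}

# Layer 3: deny the current user write access to HKCU Run/RunOnce, so a payload
# running as that user cannot register itself for the next logon. Run this in
# the target user's own elevated session (HKCU is per user); the key owner can
# still remove the deny entry on purpose, which is what we want.
function Lock-UserAutorun {
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    foreach ($k in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                   'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce') {
        if (-not (Test-Path $k)) { New-Item -Path $k -Force | Out-Null }
        $acl  = Get-Acl -Path $k
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
            $me, 'SetValue,CreateSubKey,Delete', 'ContainerInherit', 'None', 'Deny')
        $acl.AddAccessRule($rule)
        Set-Acl -Path $k -AclObject $acl
    }
}

# Inventory first, then lock down.
Get-UserProfileExecutables | ForEach-Object { Write-Warning "Will be blocked unless whitelisted: $_" }
Set-DownloadsNoExecute
Set-SrpDefaultDeny
Lock-UserAutorun
Write-Host 'Done. Log off and on again (or run gpupdate /force) so the SRP policy applies to every new process.'
```

Two caveats worth knowing. The ACL layer only stops CreateProcess on files in that folder; a script (.js, .vbs, .bat) is read by its interpreter, not executed, so it is SRP, with its default executable-type list, that catches those. And SRP path rules are just strings: rename the folder, run from a USB stick, or use an 8.3 short name the rule does not cover and the rule is moot, which is exactly why the post pairs the %AppData% rules with a default deny rather than relying on them alone.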
I wonder how Comodo's sandbox would stand up to this shannagan.
edit: Just felt like saying shannagan
Like he said.
Backups isolated from the active system.
HIPS, HIPS, HIPS! ..... as always, monitoring signal movements between folders and files.
This CryptoLocker virus reminds me a lot of those FAT32 ones that, once they targeted your executables, left them tarnished beyond repair, as in: reinstall Windows.
Which security programs do you think are best for preventing ransomware in general?
From what I've read so far, this is a good strategy. Some of the stories about CryptoLocker are troubling enough that I'm adjusting my security to deal with it. I know ransomware has been around for a while, but CL seems to be an advance in the type.
This is enough incentive for me to add back Sandboxie. And tzuk says that it should help contain CryptoLocker:
Sandboxie is worth the price for the software that it is!