Do you have a plan to deal with CryptoLocker?

Discussion in 'other anti-malware software' started by justenough, Nov 4, 2013.

Thread Status:
Not open for further replies.
  1. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    What would you use along with secure backups and being careful opening email attachments?
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Nothing extra, already prepared for such scenarios since CryptoLocker isn't any new type of malware.
     
  3. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I'd say that backup is the most important prevention measure you can take. Of course, preventing a malicious executable to run in the first place (by using on access AV, or a low privilege account, anti-executable, and so on) is an added bonus.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    My plan is simple don't let it happen.

    1. Using Sandboxie for web facing apps.

    2.I also use Appguard which also should do a nice job of preventing that nasty.

    3. Backup Backup Backup both images and data backup

    Just did a read about this pest. Moral is don't click on attachments on emails

    Pete
     
    Last edited: Nov 4, 2013
  5. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    I'm not the slight bit worried.

    I'm using sandboxie,there's really nothing to be paranoid about.Do what you do every day and stay away from the dark-side,you'll be just fine.
     
    Last edited: Nov 4, 2013
  6. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    A standard user account and a software restricition policy, although I've been using this setup for several years, not because of CryptoLocker.
     
  7. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    253
    Location:
    router
  8. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
  9. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    Apparently at the moment it prevents CryptoLocker by setting SRP rules for the path that CryptoLocker presently uses.

    OTOH, I think we can be sure that the author/authors of CryptoLocker are also aware of CryptoPrevent. It would be pretty simple for them to change the code and have it copy itself to My Pictures, My Music, or whatever.

    With a limited account and a software restriction policy malware can't execute in those directories either, so it's a better solution.

    CryptoPrevent, from what I can see, allows you to whitelist any executables already in the directories where it blocks execution. Of course it would be prudent to check first that CryptoLocker isn't already there. With SRP you'd have to make an additional rule in Group Policies for any legitimate executable in those areas. Google Chrome is one known abuser of this. Applications aren't supposed to install there, but rather in Program Files.
     
  10. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    I feel safe enough, i dont open unknown emails and i have enough exploit prevention and on top of that i have cryptoprevent and avasts hardened mode and to back that up i have backups so im good.
     
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    I always run PDF files in a restricted sandbox. If somehow, I download a file infected with this kind of malware, when I ll click on it, I should get a warning from SBIE that a program that's not allowed to start and run has attempted to do so. That would be enough to make me aware that there is a problem with this file that is supposed to be a PDF but its not one.

    Bo
     
  12. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    938
    1. SandboxIE (when browsing and using Thunderbird);
    2. Since I'm using Toolwiz Time Freeze daily and ever, 'CryptoLocker' [like others FBI type 'Ransomware'] has no way to romp;
    3. Image backup with Macrium Free; to keep some last known good system using Toowiz Time Machine (beta v.).
     
  13. guest

    guest Guest

    Nothing really special. I just deal with it like I deal with other malware and my neighbors: try to minimize interaction with them by closing as many threatgates as possible.

    P.S.: And of course, backup to external storage media. Multiple backups I might add.
     
  14. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    547
    Location:
    USA Southwest
    Are your neighbours that bad?
     
  15. tomazyk

    tomazyk Guest

    I have backup of personal data and system image on external (disconnected) drive.
    Safe browsing with Sandboxie and following safe computing practices also makes me feel safe.
    If by any chance I get infected, I can re-image and restore data in few hours.
     
  16. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    Not Any additional steps has been taken, just regular setup i believe it should take care for my browsing habits..

    1st Protection Layer - Using ABP + Noscript in Firefox (reduces js exploits by not executing 3rd party scripts) And hitman.alert
    2nd Protection Layer - ESS
    3rd Protection Layer - Have SecureAVPlus + Smart Screen to stop unknown executables starting.
     
  17. guest

    guest Guest

    Pretty much like SpongeBob SquarePants and Patrick Star. Still better than the people who lived around our previous house though. One of them burnt garbage right in front of our house, chickens got into our yard and dropped their "payloads". They contributed very well in the process of making me to lose my sanity. :thumbd:

    Back to CryptoLocker, I don't see the need to create some special treatments to deal with it. Sure, it's scary. But it's not much different than the typical ransomware in general.
     
  18. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,067
    Location:
    Netherlands
    1) Prevent dropper execution with a default deny execute file/traverse folder in download/interet (ACL)
    2) Prevent payload execution with a default deny for Basic Users (SRP)
    3) Prevent survive re-boot of the payload by locking user autorun entries

    Offcourse HIPS, policy containment (DefenseWall, AppGuard), Application Virtualisation (Sandboxie, BufferZone), FW/HIPS (Comodo, Outpost), Anti-Executable (AE, Voodoo, ERP, SecureAplus), or combi (Safe'nSec, PrivateFireWall) will do :D
     

    Attached Files:

    Last edited: Nov 4, 2013
  19. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    I wonder how comodo's sandbox would stand up to this shannagan
    edit: Just felt like saying shannagan
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Like he said.

    Backups isolated from active system.

    HIPS, HIPS, HIPS! .....as always monitoring signal movements between folders and files.

    This CryptoLock virus reminds me a lot of those Fat32 one's that once they targeted your executables they were tarnished beyond repair as in Reinstall Windows.
     
  21. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    Which security programs do you think are best for preventing ransomware in general?
     
  22. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    From what I've read so far, this is a good strategy. Some of the stories about CryptoLocker are troubling enough that I'm adjusting my security to deal with it. I know ransomware has been around for a while, but CL seems to be an advance in the type.
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    same here:thumb:
     
  24. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    This is enough incentive for me to add back Sandboxie. And tzuk says that it should help contain CryptoLocker:
    http://sandboxie.com/phpbb/viewtopic.php?p=95362&sid=b8ccab1effc4295fbfd0e293a60d2011
     
  25. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
Loading...
Thread Status:
Not open for further replies.