Do you have a plan to deal with CryptoLocker?

Discussion in 'other anti-malware software' started by justenough, Nov 4, 2013.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    ESET NOD32 Antivirus
    Sandboxie Paid (Internet Access & Start/Run Restrictions)
    AppGuard
    Routine Imaging of the Windows System Partition
    Offline File Backup
     
  2. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    994
    I don't think "which might make it ineffective". This kind of Ransomware can't do anything against locked drives, folders and files.

    I'm using the 'File Locker' feature in Toolwiz Time Freeze, v. 1.9.3. There are many freeware folder/file locker apps that have a password protection feature, if you want that.

    E.g.: You can try Easy File Locker from Shadow Defender developer.
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    This program looks very interesting :thumb: but is it developed regularly?
    It may be good for the arsenal list :thumb:
     
  4. guest

    guest Guest

    Been looking for a program that can do that to replace file/folder protection feature in CHIPS. Thanks for mentioning it. :thumb:
     
  5. Dave0291

    Dave0291 Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    553
    Location:
    U.S
    I plan to not get it in the first place. :D If unfortunate circumstances occur, I have nothing of value on my system and can simply reinstall my operating system.
     
  6. guest

    guest Guest

    You must be kidding o_O
     
  7. guest

    guest Guest

    Ever incidentally blocked a legitimate process that is required by Windows to be running? Ever messed up your folder permissions because of misconfigurations?
     
  8. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    It is the user's fault... CIS just does what it should.
    Use it with default settings (disabled HIPS) or set CIS to Clean PC mode.
     
  9. guest

    guest Guest

    Yes, but it has the potential to be misconfigured. It's the problem with every classical HIPS, not just CIS. So I wonder why make it specific to CIS? Any representatives from OA or MD want to chime in? :ninja:
     
  10. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Any integrated hardening measures can be too, namely SRP & LP. I don't think that means we eliminate them as solutions. The impasse I see here is you're looking at it from an Average Joe perspective where the other guy figures... we're big kids sitting at the big kid table here, talking about solutions for people like us, as that's what's relevant here & now. And not what a 15 year old that only surfs porn would be best served doing.

    Also any of those snags can be remedied with a good backup & imaging rep, which is why you learn that BEFORE policy & classic HIPS.

    It is true though that I've seen so called security software/solutions where the supposed cure was worse than the disease. And in the hands of a novice user anything can be other than an integrated, generic as hell XP-ish firewall and real-time AV that needs no configuration and will work well & update out of the box.
     
  11. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Don't forget to password protect the AV in case they disable/misconfigure it. And give them a limited account that can't disable Windows firewall. ;)
     
  12. guest

    guest Guest

    Indeed. But that's not exactly my point. More controls = more things can be done. For the good or the bad, controls will require very careful observation, because a single answer of no from lsass.exe can be very nasty. Even an expert on Windows OS has the same chance of screwing up as an average user. Ever had a bad day and you just don't care about whatever you're doing because you're not in the mood to pay attention? Yep. Classical HIPS can be used to destroy the OS by the user. A signature + heuristic based AV can destroy the OS too, by FPs, but that's the developer's fault. The developers are more responsible than the users generally, regardless of the knowledge or skill of the users.

    BTW, what's LP? o_O
     
  13. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Not sure if any of this has been posted?

    Very good info here http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#cryptolocker
     
  14. nsm0220

    nsm0220 Registered Member

    Joined:
    Aug 30, 2013
    Posts:
    138
    Location:
    USA
    Well, I got two behavior blockers, a powerful sandbox, Malwarebytes Pro, an AV with 2 engines, and Hitman Pro Alert with CryptoLocker stopper.
     
  15. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    Backing up everything is the best way to show the middle finger to these guys... Incidentally how are most AVs coping with this threat?
     
  16. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,879
    They have updated their signatures to block it.

    But the bad guys know this so they're always looking for new holes to slip through.

    You should be safe with SRP policies, a Cryptolocker blocker software and an AV.

    Multiple defenses should keep malware out since one will work if the others don't catch it.
     
  17. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    It would certainly help avoid a boondoggle.
     
  18. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
  19. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    Did you just feel like saying boondoggle? lol
     
  20. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Yes. One of our former Prime Ministers said it and I've been waiting for the chance to use it myself. :D
     
  21. guest

    guest Guest

  22. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Definitely more secure, dunno about easier though. I like to always strike a balance between security and usability. I don't want using my computer to be a chore. So I have a default deny policy but exclude dll's and have to whitelist only the exe's. Plus I have D+/HIPS anyhow, and in Paranoid Mode at that so it's kinda moot. I know I said I don't want it to be a chore... Paranoid Mode certainly is one, but only for the first couple weeks. Now that I have my rules set I rarely ever hear a peep out of it.
     