Saturday, November 02, 2013

CryptoLocker Ransomware Info & Free Prevention Solutions

I work hard to keep our home systems malware-free and safe.

That typically involves talking about good Windows end-user behavior with Alvis and Lavie, letting them know about various breaking threats, running an AV/AM product, installing the advanced protection afforded by Microsoft's EMET v4.0 on our home systems, making sure Windows and all third-party browser plugins are kept updated, running backups, etc.

So generally, I don’t worry too much about viruses and malware…but this new CryptoLocker threat does have my nerves extra-edgy.

First, we don’t have 10 bitcoins sitting around to pony up for a decryption. Most home/SOHO Windows users probably don’t either. Note this price has gone up from the previous demand of 2 bitcoins.

Secondly, it seems to rely primarily on social-engineering and spear-phishing techniques (for now) to trick a user into opening a payload delivered by email. While I can have pretty good confidence in software defense-in-depth security practices, I can never trust the end user (myself included) to be 100% dependable in catching this attack. I am my own weakest link.

Lastly, although CryptoLocker primarily targets local drives, it will also encrypt any targeted files on a network share that is mapped to a drive letter; shares reached only by UNC path are not enumerated. So if one person on a network gets infected and has shares mapped via drive letters, that could hose everyone! That’s scary bad.
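As an added example (my own script, not something from the post or from Foolish IT), here is a PowerShell check for exactly the exposure described above: which network shares an infection running as the current user would reach through mapped drive letters, and which of those it could actually write to, since encryption needs write access, not just read. It needs PowerShell 3.0 or later and uses only built-in cmdlets; the probe-file name is arbitrary.

```powershell
# Added example, not from the original post. Lists every network share the
# current user has mapped to a drive letter, which is the exposure the post
# describes: malware running as this user can walk those letters like local
# disks. Optionally probes each share root for write access.

function Get-MappedDriveExposure {
    [CmdletBinding()]
    param(
        # When set, create and immediately remove a zero-byte probe file on
        # each share root to confirm the user can actually write there.
        [switch]$TestWrite
    )

    # Win32_MappedLogicalDisk returns only drive letters backed by a network
    # path; local disks and shares reached purely by UNC path do not appear.
    $mapped = @(Get-WmiObject -Class Win32_MappedLogicalDisk -ErrorAction Stop)

    if ($mapped.Count -eq 0) {
        Write-Verbose 'No mapped network drives in this logon session.'
        return
    }

    foreach ($disk in $mapped) {
        $root = $disk.DeviceID + '\'            # e.g. "Z:\"
        $info = [ordered]@{
            DriveLetter = $disk.DeviceID
            UncPath     = $disk.ProviderName    # e.g. "\\fileserver\share"
            Reachable   = Test-Path -LiteralPath $root
            Writable    = $null                 # stays null unless -TestWrite
        }

        if ($TestWrite -and $info.Reachable) {
            # Random name so the probe cannot collide with real content.
            $probe = Join-Path $root ('.write-probe-' + [guid]::NewGuid().ToString('N'))
            try {
                New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
                Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
                $info.Writable = $true
            }
            catch {
                $info.Writable = $false
            }
        }

        [pscustomobject]$info
    }
}

# Usage: run in the user's own, non-elevated session. With UAC enabled, drive
# letters mapped under the standard token are not visible from an elevated
# prompt, so an elevated run would under-report the exposure.
Get-MappedDriveExposure -TestWrite | Format-Table -AutoSize
```

Every row with Writable set to True is a location this user's infection could encrypt. The fix the post implies follows directly: remove the letter mapping and use UNC paths, or at least cut write access where the user only needs to read.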

So the first important step you can take is to educate yourself about the threat itself:

At home, my immediate response was to deploy a special package maintained by Foolish IT LLC on ALL our personal Windows systems (including my Windows VMs) that protects against this threat. 

CryptoPrevent - free for personal and commercial deployment - Foolish IT LLC. The current version at the time of posting is 3.1, but that is certain to change. Available in both “portable” and installable versions.

Like any battle between malware and defenses, it is a constant arms race of updates, so if you go this route, check back frequently for new versions or pay the $ for the auto-updating version.

Just to illustrate the challenge, take a look at these posts from the developer to see how the tool has mutated to keep pace with the threat and customers’ needs.

For corporate locations, I learned about another solution via Brian Krebs’s post noted above. From that post:

A team of coders and administrators from enterprise consulting firm have released the CryptoLocker Prevention Kit – a comprehensive set of group policies that can be used to block CryptoLocker infections across a domain. The set of instructions that accompanies this free toolkit is comprehensive and well documented, and the group policies appear to be quite effective.

Cryptolocker Prevention Kit (updated) - Spiceworks
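Both CryptoPrevent and the Prevention Kit enforce their protection through Software Restriction Policy (SRP) path rules that stop executables from launching out of the user-writable folders where an e-mail payload lands; that is how the tools worked at the time, although the post itself does not go into the mechanism. As an added example, not the post's or either tool's own code, the following PowerShell reads those rules back out of the policy registry keys so you can verify the protection actually landed on a given machine (after gpupdate, in the domain case). The $ExpectedBlocked list is my assumed minimum, not the tools' exact rule set; edit it to match what you deployed. Needs PowerShell 3.0 or later, run from an elevated prompt so the machine policy hive is readable.

```powershell
# Added example, not from the original post and not CryptoPrevent's or the
# Prevention Kit's own code. Reads the Software Restriction Policy (SRP) path
# rules out of the registry and checks that a minimal set of patterns is
# present at the Disallowed level.

# Standard SRP registry locations: machine policy (local or domain GPO) and
# per-user policy.
$SaferRoots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
)

# SRP security levels, keyed by the numeric subkey name used in the registry.
$SrpLevels = @{ '0' = 'Disallowed'; '131072' = 'Basic User'; '262144' = 'Unrestricted' }

function Get-SrpStatus {
    # Enforcement settings stored directly under CodeIdentifiers.
    foreach ($root in $SaferRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $p = Get-ItemProperty -LiteralPath $root
        [pscustomobject]@{
            Hive               = $root.Split(':')[0]
            DefaultLevel       = $SrpLevels["$($p.DefaultLevel)"]
            # 1 = all software except DLLs, 2 = all software including DLLs
            TransparentEnabled = $p.TransparentEnabled
            # 0 = all users, 1 = all users except local administrators
            PolicyScope        = $p.PolicyScope
        }
    }
}

function Get-SrpPathRule {
    # One object per path rule. Each rule is a GUID-named subkey whose ItemData
    # value holds the path pattern (usually REG_EXPAND_SZ, e.g. %AppData%\*.exe).
    foreach ($root in $SaferRoots) {
        foreach ($level in $SrpLevels.Keys) {
            $pathsKey = "$root\$level\Paths"
            if (-not (Test-Path -LiteralPath $pathsKey)) { continue }
            foreach ($rule in Get-ChildItem -LiteralPath $pathsKey) {
                # Read ItemData unexpanded: Get-ItemProperty would expand
                # %AppData% to *this* user's profile and hide the real pattern.
                $pattern = $rule.GetValue('ItemData', $null, 'DoNotExpandEnvironmentNames')
                if (-not $pattern) { continue }
                [pscustomobject]@{
                    Hive        = $root.Split(':')[0]
                    Level       = $SrpLevels[$level]
                    Path        = $pattern
                    Description = $rule.GetValue('Description')
                    RuleId      = $rule.PSChildName
                }
            }
        }
    }
}

# Patterns a practitioner would expect the Disallowed level to contain. This is
# an illustrative minimum (my assumption, not the tools' exact rule set);
# replace it with the rules you actually deployed.
$ExpectedBlocked = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',
    '%LocalAppData%\*\*.exe'
)

function Test-SrpCoverage {
    param([string[]]$Expected = $ExpectedBlocked)
    $blocked = @(Get-SrpPathRule | Where-Object { $_.Level -eq 'Disallowed' } |
                 ForEach-Object { [string]$_.Path })
    foreach ($pattern in $Expected) {
        [pscustomobject]@{
            Pattern = $pattern
            Blocked = ($blocked -contains $pattern)   # -contains is case-insensitive
        }
    }
}

Get-SrpStatus | Format-List
Get-SrpPathRule | Sort-Object Hive, Level, Path | Format-Table -AutoSize
Test-SrpCoverage | Format-Table -AutoSize
```

Two caveats when reading the output. An empty result from Get-SrpStatus means SRP has never been configured on that machine at all, which is the "not protected" case. And a rule set that looks complete still only covers the file types in SRP's designated-file-types list and only paths that match the pattern, so the rules are a barrier against the e-mail-delivered executable, not a substitute for the backups and updates the post leads with.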

Get protected now if you are a Windows user. Period. 

It’s not worth dilly-dallying about.


Claus V.
