Saturday, January 11, 2014

Cryptolocker News Update

I haven’t actively posted about CryptoLocker since November last year: CryptoLocker Ransomware Info & Free Prevention Solutions.

While it is still kicking around pretty actively, it hasn’t gotten nearly as much “front-page” blog and security news posting lately.

So here are some (fairly) recent related posts for the curious.

Crypto-Unlocker tool -- NOT what you think BUT may be useful IF... - Foolish IT LLC

CryptoLocker: Better Back Up Your Stuff - F-Secure Weblog : News from the Lab

CryptoLocker: Your "Order" is Being Processed - F-Secure Weblog : News from the Lab

CryptoLocker: Pac-Man Fever - F-Secure Weblog : News from the Lab

CryptoLocker: Please Kindly Find Our New PO - F-Secure Weblog : News from the Lab - Payload delivery via SPAM and phishing emails is one of the prime delivery vectors.

Employee Manual to Prevent Cryptolocker and More - Bits From Bill blog - Again, Bill provides a great reminder on the use of social engineering via phishing/spam emails to deliver the infection binary as an attachment. This really is an employee training issue and he provides great examples. Of course, hopefully your organization has some kind of both email-perimeter and system-client-based AV/AM scanners to grab these things before the user has a chance to even see them.

Spam Overdose Yields Fareit, Zeus and Cryptolocker - F-Secure Weblog : News from the Lab

Ransomware for Real: An IT Horror Story Coming to Your Organization - Speaking of Security - The RSA Blog and Podcast

New CryptoLocker Spreads Via Removable Drives - Security Intelligence Blog | Trend Micro

64-bit ZBOT Leverages Tor, Improves Evasion Techniques - Security Intelligence Blog | Trend Micro - This was an interesting post, not just for the technical analysis provided but also for what it shows about the general development of malware attacking and using 64-bit code. Included here as it can be another payload delivery vector for Cryptolocker: CryptoLocker: Its Spam and ZeuS/ZBOT Connection.

Deadly new ransomware soon to be released? - Help Net Security post discusses “Prison Locker/Power Locker” which could be the next iteration of the “locker” type of malware.

Threat Intelligence - New Locker: Prison Locker (aka: Power Locker ..or whatever those bad actor call it) - Malware Must Die! blog - a much deeper review and analysis of this new locker threat. This site is new to me so I’ve just added it to my RSS feed list. If for nothing else, they have a cool Latin motto: Semper legerent "Salve Regina" ante venatione malware, and though we at GSD didn’t take any Latin classes in high school or college (to our later sadness in life), we still find it pretty awesome.

CryptoLocker's crimewave: A trail of millions in laundered Bitcoin - ZDNet’s multi-faceted Violet Blue runs down a pretty current analysis of the impact this campaign has had.

Inoculation Solutions:

CryptoPrevent - FoolishIT LLC - free tool to help lock down any Windows OS to prevent infection. Doesn’t fix the aftermath but prevents initial infection. Updates have slowed recently but the developer offers both a free (manually updateable) tool as well as a $ tool with auto-updating features. I’m running this on all our home systems.

CryptoLocker Defense for Sysadmins - EventSentry Blog - new and interesting enterprise-class tool for detection of CryptoLocker threats. The blog post is long and detailed but that’s a good thing for the interested.

Cryptolocker Prevention Kit (updated) - Spiceworks - Another, more enterprise-deployment-focused solution.


--Claus V.
