Author Topic: Using Software Restriction Policy to help prevent Cryptolocker  (Read 3995 times)


Offline Charyb-0

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2508
Using Software Restriction Policy to help prevent Cryptolocker
« on: February 02, 2014, 06:21:48 PM »
Are there any more paths that can be entered into Software Restriction Policy that will help protect against Cryptolocker and any other type of Ransomware? I copied and pasted the paths using info provided by Bleeping Computers.

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Please see attachment.
« Last Edit: February 02, 2014, 06:32:04 PM by Charyb »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33912
  • malware fighter
Re: Using Software Restriction Policy to help prevent Cryptolocker
« Reply #1 on: February 02, 2014, 06:38:49 PM »
Other preventive measures are being mentioned here:
http://www.pcadvisor.co.uk/features/security/3491195/how-protect-yourself-from-cryptolocker-attack/
These measures consist of making back-ups and saving these offline. Make online back-ups through free services.
The most important message, however, is never to open a file or link from an email or on a social site
if one does not know whether it was sent deliberately for the recipient.
Use this little program to prevent: http://www.foolishit.com/vb6-projects/cryptoprevent/
CryptoPrevent is completely FREE for personal and commercial usage!

greets,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Using Software Restriction Policy to help prevent Cryptolocker
« Reply #2 on: February 02, 2014, 07:05:23 PM »
The FoolishIT programme will be updated to cover new vectors; at the moment it has them covered.

Hard_ROCKER

  • Guest
Re: Using Software Restriction Policy to help prevent Cryptolocker
« Reply #3 on: February 04, 2014, 12:19:16 AM »
Some other tools:

HitmanPro.Alert with CryptoGuard:
http://www.surfright.nl/en/alert/cryptoguard
latest beta:
http://www.wilderssecurity.com/showpost.php?p=2336519&postcount=1152

Bitdefender Anti-Cryptolocker (download link on the bottom of the post):
http://labs.bitdefender.com/2013/10/cryptolocker-ransomware-makes-a-bitcoin-wallet-per-victim/?sm_id=SMGlobal?utm_source=SMGlobal&utm_medium=SMGlobal&utm_campaign=H4S



Can avast! protect me against CryptoLocker?
http://blog.avast.com/2013/11/19/can-avast-protect-me-against-cryptolocker/
Quote
How to protect your computer from CryptoLocker?

AVAST users should be safe from infection during the short period when the malware is new and “undetected” as long as AutoSandbox and DeepScreen are active. “The infection is prevented by means of a dynamic detection,” said Sramek.

“We also automatically add detections for each new sample that passes our backend filters,” said Jiri Sejtko, Sramek’s colleague in the avast! Virus Lab.

“Against future threats like this, having a backup is always a good idea – who knows when CryptoLocker v2.0 will be released, and every antivirus solution is reactive by nature,” said Sramek. “The encryption used is virtually unbreakable, there is zero chance of recovering files after infection.”
« Last Edit: February 04, 2014, 12:45:01 AM by Darth.Mikey »

Offline Charyb-0

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2508
Re: Using Software Restriction Policy to help prevent Cryptolocker
« Reply #4 on: February 05, 2014, 10:14:53 PM »
Thanks for the helpful information. I witnessed SRP work while trying to install HP Printer Control so at least the temp path keeps executables from running there.

I think I will try out Crypto Prevent. Seems much easier than SRP.

I do have HitmanPro.Alert installed but it is not the one for Cryptolocker. I will install it once it comes out of beta.

I also had Corrine mention to show known file extensions which will allow a user to view the extension before opening the file. Extensions such as <filename>pdf.exe more than likely are going to be bad news.

Thanks
« Last Edit: February 05, 2014, 10:17:28 PM by Charyb »
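
A check for the disguised double extensions mentioned in the last reply, as an added example that is not part of any post in this thread. The extension lists, function names and sample file names are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Assumed lists for illustration; adjust to local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".zip"}


def check_name(path: str) -> Optional[str]:
    """Return a reason if the file name hides an executable extension, else None."""
    # Windows ignores trailing dots and spaces when resolving a file name.
    name = PureWindowsPath(path).name.rstrip(". ")
    stem, dot, ext = name.rpartition(".")
    real_ext = "." + ext.lower()
    if not dot or real_ext not in EXECUTABLE_EXTS:
        return None  # the file does not run as a program; nothing to hide
    # With "Hide extensions for known file types" on, Explorer shows only the stem.
    inner = stem.rstrip()
    padded = inner != stem  # spaces used to push the real extension out of view
    _, inner_dot, inner_ext = inner.rpartition(".")
    decoy = "." + inner_ext.lower()
    if inner_dot and decoy in DECOY_EXTS:
        return f"shown as {decoy} document but runs as {real_ext}"
    if padded:
        return f"whitespace padding before {real_ext}"
    return None


def scan(paths: List[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) for every deceptive name in the list."""
    hits = []
    for p in paths:
        reason = check_name(p)
        if reason:
            hits.append((p, reason))
    return hits


# Constructed sample names, not taken from any real incident.
SAMPLE = [
    r"C:\Users\a\Downloads\invoice.pdf.exe",
    r"C:\Users\a\Downloads\photo.jpg      .scr",
    r"C:\Users\a\Downloads\setup.exe",
    r"C:\Users\a\Documents\report.pdf",
    r"C:\Users\a\Downloads\notes.txt.exe. ",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE):
        print(f"{path!r}: {reason}")
```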