Solutions for cryptolocker virus

SysAider
1
 
I am looking for suggestions from all IT geeks for the Cryptolocker issue. Once it enters a system, it encrypts all files. I tried the Shadow Explorer tool to decrypt files and it was very useful but not perfect. Does anyone know any other open source tools or scripts to break Cryptolocker, or enterprise applications? Also, please share good real-time monitoring programs for this kind of issue (being proactive).
SysAider
19
 
For a proactive solution, you can use Malwarebytes Endpoint; it's really good. Don't use McAfee, it's totally sh.... For Kaspersky, I have tested it in business and it's good, but Malwarebytes is better.

Try it for 30 days on a couple of users who catch problems from the internet; I'm sure you have one like this in your business, each business has this type of people!!!

Brian
SysAid Wiz
915
 
No.
Your best defense is archive and policy.

[] Restrict admin rights of any users on any device.
[] Apply whitelisting to as many objects and systems as you can.
[] Kill all USB drives. Create a file transfer system.
[] Anything older than a year (shorten it to comply with your organization's paranoia level) must be read-only.
[] Implement snapshots (shadow copy on Windows, or stronger, more reliable ones on NAS or SAN...) to the longest extent you can. Users often don't realize they've been hit until after a few weeks (but that is not necessarily bad, because if they haven't used it for weeks, weeks-old data is good).
[] There is audit/user activity monitoring software that could help you monitor file access and define bad behaviour.

The antimalware approach is useless.
Last time I read, it has gone worm-borne.
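The last item in the list above, monitoring file access to define bad behaviour, is the one that can be scripted. The following is an added example written for this thread, not code from any poster, from SysAid, or from any monitoring product. It assumes a hypothetical plain-text audit feed of "timestamp user path action" lines (constructed here in build_sample) and flags any user whose WRITE/RENAME activity touches an unusually large number of distinct files inside a sliding window, which is the pattern a file-encrypting infection leaves on a share. The extension list and thresholds are illustrative assumptions to tune against your own baseline.

```python
"""Flag ransomware-like bursts of file activity in file-access audit events.

Added example for this thread; not SysAid's code nor any product's API.
Event format is a hypothetical 'ISO-timestamp user path action' line.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)     # sliding window for counting activity (assumption)
FILE_THRESHOLD = 20                # distinct files touched in WINDOW by one user (assumption)
SUSPECT_EXTS = {".encrypted", ".locked", ".crypt"}   # constructed, illustrative only


def parse_events(text):
    """Parse 'ISO-timestamp user path action' lines (constructed format) into dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, user, path, action = line.split(maxsplit=3)
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "path": path, "action": action})
    return sorted(events, key=lambda e: e["ts"])


def extension(path):
    """Lower-cased final extension of a UNC/Windows path, or '' if there is none."""
    name = path.rsplit("\\", 1)[-1]
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect_bursts(events, window=WINDOW, threshold=FILE_THRESHOLD):
    """Return one alert per user whose WRITE/RENAME events in some window of
    length `window` touch at least `threshold` distinct files.
    The busiest window per user is reported, with how many of the paths in it
    carry a suspect extension."""
    recent = defaultdict(deque)   # user -> deque of (ts, path) still inside the window
    best = {}                     # user -> (peak distinct files, window start, suspect count)
    for e in events:
        if e["action"] not in ("WRITE", "RENAME"):
            continue
        q = recent[e["user"]]
        q.append((e["ts"], e["path"]))
        while q and e["ts"] - q[0][0] > window:   # evict events older than the window
            q.popleft()
        paths = {p for _, p in q}
        suspect = sum(1 for p in paths if extension(p) in SUSPECT_EXTS)
        if len(paths) > best.get(e["user"], (0,))[0]:
            best[e["user"]] = (len(paths), q[0][0], suspect)
    return {u: {"distinct_files": n, "window_start": start.isoformat(),
                "suspect_extensions": s}
            for u, (n, start, s) in best.items() if n >= threshold}


def build_sample():
    """Constructed audit feed: alice edits three files over half an hour; bob's
    workstation rewrites and renames 30 spreadsheets in under a minute."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    for i in range(3):
        ts = (base + timedelta(minutes=10 * i)).isoformat()
        path = "\\\\fs01\\docs\\report%d.docx" % i
        lines.append("%s alice %s WRITE" % (ts, path))
    for i in range(30):
        ts = (base + timedelta(minutes=5, seconds=i)).isoformat()
        path = "\\\\fs01\\docs\\invoice%d.xlsx" % i
        lines.append("%s bob %s WRITE" % (ts, path))
        lines.append("%s bob %s.encrypted RENAME" % (ts, path))
    return "\n".join(lines)


if __name__ == "__main__":
    for user, alert in detect_bursts(parse_events(build_sample())).items():
        print(user, alert)
```

Because the detector keys on the volume of distinct files touched per user rather than on a signature, it also catches an infection that uses an extension not in SUSPECT_EXTS; the extension count is only there to raise the confidence of the alert. Feeding it from real file-server auditing (and wiring the alert to disable the offending account's share access) is left to the reader's environment.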
SysAider
8
 
I second Obelix's list. Once you're hit with Cryptolocker malware, there is no other way of getting rid of it other than paying a ransom, and malware programs are useless.

We got hit with one, but thankfully it was restricted to only one user and PC station. We made sure to wipe that disk to zeros before reusing it, and having a NAS with snapshots is a godsend since group policy restrictions only go so far.