What's Microsoft doing about Cryptolocker?

Detecting and removing the Crypto software after your computer is infected is too little, too late as your files will already have been encrypted. Cryptorevent is an attempt to prevent the infection in the first place which is what rufford18 is asking about.

As far as I know, CryptoPrevent is safe and recommended. I have it installed but can't say how effective it is. The best defense seems to be to have backups on drives that are not kept attached to your network.

Once it infects your pc though, no software could decrypt your files.

strollin said:

Detecting and removing the Crypto software after your computer is infected is too little, too late as your files will already have been encrypted. Cryptorevent is an attempt to prevent the infection in the first place which is what rufford18 is asking about.

As far as I know, CryptoPrevent is safe and recommended. I have it installed but can't say how effective it is. The best defense seems to be to have backups on drives that are not kept attached to your network.

Is this the one you are referring to : Download CryptoPrevent - MajorGeeks

I don't know what Microsoft is doing about Cryptolocker but whatever they do the guys that created it will probably try to find a way around any solution that's put in place.

As far as I can work out you can create your own Group Policy rules to prevent executable files from running in the locations that Cryptolocker uses as shown in the link below.

Cryptolocker: How to avoid getting infected and what to do if you are.

The problem with that approach and the "Cryptoprevent" approach is that it can also prevent some legitimate apps from running. I suppose that for most users it's better to have protection in place although they'd need to understand how to whitelist apps that get blocked.

I've tried two approaches:

1). Used Bitdefender Anti-Crypto.

2). Used application whitelisting software that detects when an unsigned file attempts to run and can be set to prompt the user for action. Additionally if a signed file's signature is not in the list of trusted certificates a user can be asked to either block or allow execution.

So far method 2). has been the best solution for me.

COMPUTIAC said:

strollin said:

Detecting and removing the Crypto software after your computer is infected is too little, too late as your files will already have been encrypted. Cryptorevent is an attempt to prevent the infection in the first place which is what rufford18 is asking about.

As far as I know, CryptoPrevent is safe and recommended. I have it installed but can't say how effective it is. The best defense seems to be to have backups on drives that are not kept attached to your network.

Is this the one you are referring to : Download CryptoPrevent - MajorGeeks

Yes, that's CryptoPrevent

Im not sure what you are asking Microsoft to do. There is no security vulnerability in Windows that is being exploited, no holes to patch. Cryptolocker is merely an application that does something awful. But nothing a patch or update is going to solve. Unless you disable applications running all togeather.

Microsoft could just block cryptolocker-like files from running.