What's Microsoft doing about Cryptolocker?

[rufford155]

Why doesn't MS issue a patch or update to prevent Cryptolocker?
Couldn't they provide a permanent solution along the lines of CryptoPrevent?
Is the latter utility safe? - and any good?

Apologies if this is old hat, couldn't find thsi specific query anywhere.

 

[marsmimar]

According to Microsoft, their security software detects and removes this threat.

Trojan:Win32/Crilock.A

Virus:Win32/Crypto.C.dr

Presumably it's easier to update the signatures and heuristics for anti-malware software than to keep issuing patches or updates to an operating system.

 

[strollin]

Detecting and removing the Crypto software after your computer is infected is too little, too late as your files will already have been encrypted. Cryptorevent is an attempt to prevent the infection in the first place which is what rufford18 is asking about.

As far as I know, CryptoPrevent is safe and recommended. I have it installed but can't say how effective it is. The best defense seems to be to have backups on drives that are not kept attached to your network.

 

[Computer0304]

Once it infects your pc though, no software could decrypt your files.

 

[COMPUTIAC]

Detecting and removing the Crypto software after your computer is infected is too little, too late as your files will already have been encrypted. Cryptorevent is an attempt to prevent the infection in the first place which is what rufford18 is asking about.

As far as I know, CryptoPrevent is safe and recommended. I have it installed but can't say how effective it is. The best defense seems to be to have backups on drives that are not kept attached to your network.

Is this the one you are referring to : Download CryptoPrevent - MajorGeeks

 

[Callender]

Microsoft? Don't know.

I don't know what Microsoft is doing about Cryptolocker but whatever they do the guys that created it will probably try to find a way around any solution that's put in place.

As far as I can work out you can create your own Group Policy rules to prevent executable files from running in the locations that Cryptolocker uses as shown in the link below.

Cryptolocker: How to avoid getting infected and what to do if you are.

The problem with that approach and the "Cryptoprevent" approach is that it can also prevent some legitimate apps from running. I suppose that for most users it's better to have protection in place although they'd need to understand how to whitelist apps that get blocked.

I've tried two approaches:

1). Used Bitdefender Anti-Crypto.

2). Used application whitelisting software that detects when an unsigned file attempts to run and can be set to prompt the user for action. Additionally if a signed file's signature is not in the list of trusted certificates a user can be asked to either block or allow execution.

So far method 2). has been the best solution for me.

 

[strollin]

Detecting and removing the Crypto software after your computer is infected is too little, too late as your files will already have been encrypted. Cryptorevent is an attempt to prevent the infection in the first place which is what rufford18 is asking about.

As far as I know, CryptoPrevent is safe and recommended. I have it installed but can't say how effective it is. The best defense seems to be to have backups on drives that are not kept attached to your network.

Is this the one you are referring to : Download CryptoPrevent - MajorGeeks

Yes, that's CryptoPrevent

 

[logicearth]

Im not sure what you are asking Microsoft to do. There is no security vulnerability in Windows that is being exploited, no holes to patch. Cryptolocker is merely an application that does something awful. But nothing a patch or update is going to solve. Unless you disable applications running all togeather.

 

[rufford155]

Thanks

Thanks for all replies.
Sorry I've been away awhile.
Found some other useful thread on here too.

 

[Computer0304]

Microsoft could just block cryptolocker-like files from running.

 

[Golden]

Microsoft could just block cryptolocker-like files from running.

Care to explain how they do that?

 

[Computer0304]

They could implement the software previously mentioned into Windows.

 

[Golden]

They could implement the software previously mentioned into Windows.

Click & read

 

[Computer0304]

Then how does Bit defender Anti-Crypto work?

 

[Golden]

Rudolph : Its a 3rd party application. Windows is an operating system. For obvious reasons you can't merge the two.

 

[Callender]

How does it work?

Then how does Bit defender Anti-Crypto work?

As far as I can work out it needs to prevent executables from running under the following path:

%AppData%\*.exe

Plus various other paths listed in the article below.

If Microsoft chose to implement the same method to prevent infection the problem is is that there are actually some legitimate applications that might run an executable file from that location and it would require the user to have the knowledge needed to add specific applications to an exclusion list. That's too complicated for many people to understand.

Steps needed to prevent infection:

Cryptolocker: How to avoid getting infected and what to do if you are - Computerworld

As you can see - any unsigned executable needs to be blocked as Cryptolocker file names are randomly generated.

 

[Computer0304]

Rudolph : Its a 3rd party application. Windows is an operating system. For obvious reasons you can't merge the two.

Well I guess that's true.