CryptoLocker is a Trojan Horse designed to encrypt local files and then threaten to delete data after a deadline unless specific demands are met (usually in the form of electronic payment). The ransomware first surfaced in September 2013, and while there was a calm in active attacks for a month or so, the lull was brief. CryptoLocker is, indeed, alive and well, infecting computers worldwide, and is a very real threat.
I've seen many threads in the community, even just recently, where networks have been attacked and administrators are confounded that the company's chosen antivirus package isn't able to block or eliminate the malware. In truth, antivirus is no protection against CryptoLocker. In fact, there's a growing belief that antivirus technology is dated and unable to handle modern security requirements.
There are a couple of tools available to block and protect against CryptoLocker. One is from Microsoft and the other is available from FoolishIT, LLC.
Microsoft's Enhanced Mitigation Experience Toolkit (EMET) is a set of tools and templates that administrators can run against a system to locate potential vulnerabilities that might already exist. EMET attempts to spot new and undiscovered threats even before updates are available by diverting and blocking the commonly known techniques used to exploit vulnerabilities on a system.
Microsoft recently released the EMET 5.0 Tech Preview at RSA 2014 and, it seems, just in time. The day before the Tech Preview was released, security firm Bromium reported they had been in contact with Microsoft for some time over flaws in EMET 4.1. In fact, Bromium was able to bypass EMET 4.1's fully enabled protection 100 percent.
So, your best bet is to grab the latest version, even though it is only a Preview.
EMET 5.0 is available from here:
EMET 5.0 provides support for the following…
Client Operating Systems
- Windows Vista Service Pack 2
- Windows 7 Service Pack 1
- Windows 8
- Windows 8.1
Server Operating Systems
- Windows Server 2003 Service Pack 2
- Windows Server 2008 Service Pack 1
- Windows Server 2008 R2 Service Pack 2
- Windows Server 2012
- Windows Server 2012 R2
CryptoPrevent is a non-Microsoft solution for Microsoft operating systems developed by FoolishIT, LLC. Currently on version 4.3, CryptoPrevent is a single, easily portable executable that can be run on a local PC or server, run from a network share, or deployed through your favorite software distribution method with a plethora of command-line options.
One of the primary advantages that CryptoPrevent provides is that it continues to support Windows XP. Support from Microsoft for Windows XP ends on April 8, 2014, and there is evidence that hackers will explicitly target the 12-year-old operating system once it reaches end of life. So, you can bet CryptoLocker attacks will increase.
CryptoPrevent comes in free and premium versions. The free version can be downloaded as a zipped executable or with a setup installer here:
CryptoPrevent Premium adds the ability to auto-update. It installs an updater component to sync daily with the FoolishIT servers and grab the latest program updates. Premium costs $19.95 once for life if you intend to run it in a home PC setting. For commercial or business use, CryptoPrevent requires a $19.95 license for each PC it is installed on.
You can read more about CryptoPrevent Premium here:
CryptoPrevent supports Windows XP, Windows Vista, Windows 7, Windows 8, and Windows 8.1.