Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cryptolocker Virus and Network Drives and Shares


  • Please log in to reply
4 replies to this topic

#1 LookinAround

LookinAround

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:01:50 AM

Posted 28 February 2015 - 07:45 AM

Re: Network drives and shares:

 

I've been told that crypto viruses only infect/encrypt network drives/shares that have been mapped to a drive letter. 

 

If you don't map your drives but only access them by UNC path (or by shortcut to UNC path?) they won't be affected.

 

Does anyone know if this is true, for a fact? Or just internet myth?



BC AdBot (Login to Remove)

 


#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:05:50 PM

Posted 28 February 2015 - 08:36 AM

They only encrypt "visible" files...

 

It's up to you how you obfuscate files.

 

By preventing temp applications from running in machine policy you can immunise from the whole class of malware.



#3 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:08:50 AM

Posted 28 February 2015 - 08:48 AM

Re: Network drives and shares:
 
I've been told that crypto viruses only infect/encrypt network drives/shares that have been mapped to a drive letter. 
 
If you don't map your drives but only access them by UNC path (or by shortcut to UNC path?) they won't be affected.
 
Does anyone know if this is true, for a fact? Or just internet myth?

AFAIK all crypto ransomware only encrypt files on network drives and shares mapped to the infected machine as drive letters. Dropbox accounts will also be affected if they are mapped.

By preventing temp applications from running in machine policy you can immunise from the whole class of malware.

CryptoPrevent does not work on CryptoWall 3.0 and some other newer crypto ransomware, unfortunately.

Alex

#4 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:05:50 PM

Posted 28 February 2015 - 09:00 AM

When this outbreak of malware started we enforced a group policy rule that executables can only run from Windows folders or Program Files folders. Our infection rate is 0% since then.



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:50 AM

Posted 28 February 2015 - 02:42 PM

According to the developer...HitmanPro.Alert 3 blocks CTB-Locker, CryptoWall 2 and 3, and variants.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users