Preventing file encryption - is it possible


7 replies to this topic

#1 LudwigW

Posted 05 March 2015 - 12:30 PM

The recent flurry of CryptoLock infections begs the question: can a user do anything to his files, permissions, or environment that would disallow encryption or otherwise require intervention before the system would allow the encryption process?
 
I don't know if this question is appropriate here, but it seemed like the place where the interest would be.

Edited by Queen-Evie, 05 March 2015 - 12:59 PM.
moved from Am I Infected to the appropriate forum



#2 Aura


Posted 05 March 2015 - 12:55 PM

Hi LudwigW :)

What you can do is to install security software that would prevent a Cryptoware from infecting your system and encrypting your files. Both CryptoPrevent and HitmanPro.Alert can do that.

CryptoPrevent: http://www.foolishit.com/vb6-projects/cryptoprevent/
HitmanPro.Alert: http://www.surfright.nl/en/cryptoguard

Also, most Cryptoware are distributed via Exploit Kits, hence adding security against such exploits could help you stop a Cryptoware infection. Malwarebytes Anti-Exploit can help you with that, as well as disabling any scripts control from your web browsers by disabling them manually, or using web extensions such as ScriptSafe (Google Chrome) or NoScript (Mozilla Firefox). Symantec NoScript can also disable scripts system wide, adding another layer of protection.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 quietman7


Posted 05 March 2015 - 01:16 PM

HitmanPro.Alert 2 blocks CryptoLocker, CryptoDefense, CryptoWall v1 and variants.
HitmanPro.Alert 3 Build 155 Release Candidate blocks CTB-Locker, CryptoWall 2 and 3, and variants.

If suspicious behavior is detected, HitmanPro.Alert's CryptoGuard will block it...including the encryption of files. CryptoGuard is actually the name of the kernel driver component installed by HitmanPro.Alert that mitigates a crypto-ransomware attack...it is a filter driver which monitors the file system and looks for suspicious file operations at the file system level.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
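
An added example (not from the thread, and not CryptoGuard's actual logic) of behaviour-based monitoring of file operations: a process is blocked once it overwrites several files with high-entropy data in a short window. The `RewriteMonitor` class, its thresholds and the sample events are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict, deque

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (plain text ~4-5, ciphertext ~8)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class RewriteMonitor:
    """Blocks a process once it has overwritten `threshold` files with
    high-entropy data within `window_s` seconds (hypothetical policy)."""
    def __init__(self, threshold=3, window_s=10.0, high=7.0, min_jump=2.0):
        self.threshold, self.window_s = threshold, window_s
        self.high, self.min_jump = high, min_jump
        self.hits = defaultdict(deque)  # pid -> times of suspicious overwrites
        self.blocked = set()

    def on_overwrite(self, ts, pid, old: bytes, new: bytes) -> str:
        if pid in self.blocked:
            return "block"
        before, after = entropy(old), entropy(new)
        if after >= self.high and after - before >= self.min_jump:
            q = self.hits[pid]
            q.append(ts)
            while ts - q[0] > self.window_s:  # drop hits outside the window
                q.popleft()
            if len(q) >= self.threshold:
                self.blocked.add(pid)
                return "block"
        return "allow"

# Constructed sample data: plain text, and a uniform byte pattern standing in
# for encrypted output (entropy exactly 8 bits per byte).
TEXT = b"Quarterly report: revenue and costs by region.\n" * 20
CIPHERLIKE = bytes(range(256)) * 4
# Constructed events: (time, pid, path, old content, new content)
EVENTS = [
    (0.0, 100, r"C:\Users\a\notes.txt", TEXT, TEXT + b"one more line\n"),
    (1.0, 200, r"C:\Users\a\budget.csv", TEXT, CIPHERLIKE),
    (1.5, 200, r"C:\Users\a\thesis.tex", TEXT, CIPHERLIKE),
    (2.0, 300, r"C:\Backup\notes.zip", b"", CIPHERLIKE),  # one-off archive
    (2.5, 200, r"C:\Users\a\todo.md", TEXT, CIPHERLIKE),
    (3.0, 200, r"C:\Users\a\taxes.txt", TEXT, CIPHERLIKE),
]

def run(events=EVENTS):
    mon = RewriteMonitor()
    return [(pid, path, mon.on_overwrite(ts, pid, old, new))
            for ts, pid, path, old, new in events]
```

Calling `run()` shows pid 200 being blocked on its third rewrite, while the editor (pid 100) and the one-off archive write (pid 300) are allowed. Files that are already compressed show no entropy jump when encrypted, so an entropy test alone would miss them.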

#4 Mellow Out


Posted 05 March 2015 - 05:04 PM

quietman7

Thanks for your response. Can you run this along with an active anti-virus without complication? I am using ESET Nod32 at the moment and know more than one AV won't play nicely.



#5 cyberSAR


Posted 05 March 2015 - 05:33 PM

Hi Mellow Out,

 

I'm running Alert 3 with NOD32 and Malwarebytes with no issues on Win7 64-bit. Also on a Win8.1 64-bit.

HTH



#6 quietman7


Posted 05 March 2015 - 05:33 PM

Yes...they are security tools, not anti-virus programs.

CryptoPrevent writes 200+ group policy object rules into the registry in order to prevent executables in specific locations from running. HitmanPro.Alert adds a Service (hmpalertsvc) and sets it to run Automatic.

I currently have CryptoPrevent and HitmanPro.Alert both installed alongside my ESET and Emsisoft Anti-Malware without any issues.
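
An added example (not from the thread, and not CryptoPrevent's code) of reviewing rules of the kind described above: it parses a `reg export` of the Software Restriction Policies key and lists the default level and each path rule. The sample export, its GUIDs and rule paths are constructed, and it is an assumption that the rules are stored as standard SRP path rules under `HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers`; the thread does not name the key.

```python
import re

LEVELS = {0: "Disallowed", 0x20000: "Basic User", 0x40000: "Unrestricted"}
RULE_KEY = re.compile(r"\\CodeIdentifiers\\(\d+)\\Paths\\\{[0-9a-f-]+\}\]$", re.I)

# Constructed `reg export` output; GUIDs and rule paths are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"DefaultLevel"=dword:00040000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{11111111-1111-1111-1111-111111111111}]
"ItemData"="%AppData%\\*.exe"
"SaferFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{22222222-2222-2222-2222-222222222222}]
"ItemData"=hex(2):25,00,54,00,65,00,6d,00,70,00,25,00,5c,00,2a,00,2e,00,\
  65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{33333333-3333-3333-3333-333333333333}]
"ItemData"="C:\\Tools\\allowed.exe"
'''

def decode(raw: str) -> str:
    """Decode a REG_SZ ("...") or REG_EXPAND_SZ (hex(2):...) value."""
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(","))
        return data.decode("utf-16-le").rstrip("\x00")
    return raw.strip('"').replace("\\\\", "\\")

def srp_summary(export: str) -> dict:
    """Return the default level and every path rule found in the export."""
    export = re.sub(r"\\\r?\n\s*", "", export)  # join hex continuation lines
    out, level = {"default": None, "rules": []}, None
    for line in map(str.strip, export.splitlines()):
        if line.startswith("["):
            m = RULE_KEY.search(line)
            level = int(m.group(1)) if m else None  # subkey name is the level
        elif line.startswith('"DefaultLevel"=dword:'):
            out["default"] = LEVELS.get(int(line.split(":")[1], 16))
        elif level is not None and line.startswith('"ItemData"='):
            rule = decode(line.split("=", 1)[1])
            out["rules"].append((LEVELS.get(level, str(level)), rule))
    return out
```

For a real export, read the file with `encoding="utf-16"`, which is what `reg export` writes, and pass the text to `srp_summary()`.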

#7 Mellow Out


Posted 05 March 2015 - 05:38 PM

Okay thank you for the clarification.



#8 quietman7


Posted 05 March 2015 - 06:06 PM

You're welcome.



