Can Cryptowall Infect An Encrypted Laptop


13 replies to this topic

#1 guidecca

Posted 23 July 2015 - 04:11 PM

My daughter started a new job with a large corporation. They gave her an encrypted laptop to protect their proprietary company secrets. She can work from anywhere and do her job. I assume they used PGP. Is her laptop secure from CryptoLocker?


Edited by guidecca, 23 July 2015 - 05:24 PM.


#2 adamforum

Posted 24 July 2015 - 12:40 PM

A computer that is vulnerable to Cryptolocker will remain vulnerable regardless of whether that computer is using a full disk encryption product.  Full disk encryption can potentially help in situations where a computer (say a laptop that is powered off) is stolen from your vehicle, hotel, etc.  At this point, someone outside your organization has your disk with all your sensitive data -- but since the data is encrypted, they theoretically cannot easily access it.

 

Bottom line - your daughter still needs to take precautions against malware, including Cryptolocker.



#3 guidecca

Posted 24 July 2015 - 01:57 PM

Thanks for your reply. And a laptop that uses public internet would be vulnerable to Cryptolocker. The IT staff at the company she works for should have a handle on it. I was going to suggest that she download Cryptowall, Peerblock, Malwarebytes, JRT, SuperAntiSpyware at a minimum. Not sure if they would conflict with the antivirus they used. She is used to working with her Macbook Pro so is unaware of the Windows problems.


Edited by guidecca, 24 July 2015 - 02:04 PM.


#4 Aura

Posted 24 July 2015 - 02:28 PM

Hi guidecca :)

As someone who works as an IT Technician (Tier 2 Support) for a large corporation, here's what I can tell you:
  • Adam is right, even if a computer's hard drive is encrypted, the files on it can still be encrypted by Cryptoware, so it won't protect her. I've had 6 Cryptowall infections in the last months, and 4 of them were on laptops encrypted with PGP (Symantec Encryption Desktop);
  • I doubt you want to install "Cryptowall" on her laptop, I think you mean either CryptoMonitor or CryptoPrevent;
  • JRT is useless against Cryptoware. It's not a tool that aims at this kind of malware, and also it doesn't offer any kind of real-time protection, it's a malware removal tool;
  • I wouldn't install anything on her laptop unless that program is approved by her IT department. You cannot install programs on a corporate computer like you can on a personal computer. The Terms of Use, licences, etc. are all different. Even if a program is free to use, it doesn't mean that it is for corporate usage. Plus, if that program isn't approved by their IT program for X reason, she shouldn't be using it because if she does and then she has an issue later because of it, they'll tell her it's her fault;
This being said, you cannot "handle" a corporate computer like a personal one. There are rules, guidelines and instructions to follow, and these aren't left for you to decide, they are left to the company's IT department.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 quietman7

Posted 24 July 2015 - 08:30 PM

The best defensive strategy is a comprehensive approach...make sure you are running an updated anti-virus and anti-malware product, use supplemental security tools with anti-exploitation features capable of stopping (preventing) infection before it can cause any damage, update all vulnerable software and routinely back up your data. You should rely on behavior detection programs rather than standard anti-virus definition (signature) detection software only. This means using programs that can detect when malware is in the act of modifying/encrypting files rather than just detecting the malicious file itself, which in most cases is not immediately detected by anti-virus software.

For example, Emsisoft Anti-Malware uses advanced behavioral analysis which is extremely difficult to penetrate...it continually monitors the behavior of all active programs looking for any anomalies that may be indicative of malicious activity and raises an alert as soon as something suspicious occurs. EAM also has the ability to detect unknown zero-day attacks without signatures.

Ransomware Prevention Tools:

Note: Return-oriented programming (ROP) is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as non-executable memory and code signing. Address Space Layout Randomization (ASLR) is a computer security technique involved in protection from buffer overflow attacks. These security technologies are intended to mitigate (reduce) the effectiveness of exploit attempts. Many advanced exploits rely on ROP and ASLR as attack vectors used to defeat security defenses and execute malicious code on the system. For example, they can be used to bypass DEP (data execution prevention) which is used to stop buffer overflows and memory corruption exploits. Tools with ROP and ASLR protection such as Microsoft's Enhanced Mitigation Experience Toolkit (EMET) use technology that checks each critical function call to determine if it's legitimate (if those features are enabled).

And do not forget this...Backing up your data and disk imaging are among the most important maintenance tasks users should perform on a regular basis, yet it's one of the most neglected areas.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
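As an added illustration of the behavior-based detection quietman7 describes (detecting a process in the act of encrypting files rather than recognising the malware binary), here is a toy monitor written for this page; it is not code from any product named in the thread. It flags a burst of high-entropy file writes inside a sliding time window, so a single legitimately compressed file does not trip it. The file events are constructed.

```python
import math
from collections import deque

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; close to 8.0 means random-looking, e.g. ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

class RansomwareBehaviorMonitor:
    """Alerts on a burst of high-entropy writes inside one sliding time window. A lone
    high-entropy write (a photo, a zip) is normal; dozens within seconds is not."""

    def __init__(self, window_s=5.0, burst=8, min_entropy=7.0):
        self.window_s, self.burst, self.min_entropy = window_s, burst, min_entropy
        self.recent = deque()  # timestamps of high-entropy writes still in the window

    def observe(self, path: str, data: bytes, ts: float) -> bool:
        """Feed one write event; True if it pushes the burst over the threshold."""
        if shannon_entropy(data) < self.min_entropy:
            return False
        self.recent.append(ts)
        while ts - self.recent[0] > self.window_s:
            self.recent.popleft()  # forget writes that fell out of the window
        return len(self.recent) >= self.burst

def first_alert(events, monitor=None):
    """Index of the first (path, data, timestamp) event that raises an alert, or None."""
    monitor = monitor or RansomwareBehaviorMonitor()
    for i, (path, data, ts) in enumerate(events):
        if monitor.observe(path, data, ts):
            return i
    return None

# Constructed events (path, bytes written, seconds since start): two document edits,
# one legitimately high-entropy photo, then a 12-file burst mimicking in-place encryption.
SAMPLE_EVENTS = [
    ("C:/Users/alice/Documents/notes.txt", b"Meeting notes: budget review, action items. " * 4, 0.0),
    ("C:/Users/alice/Documents/plan.docx", b"Project plan draft, milestones and owners. " * 4, 5.0),
    ("C:/Users/alice/Pictures/photo.jpg", bytes((3 * j + 1) % 256 for j in range(256)), 10.0),
] + [
    (f"C:/Users/alice/Documents/file{i}.docx.encrypted",
     bytes((i * 7 + 25 * j) % 256 for j in range(256)), 60.0 + i * 0.05)
    for i in range(12)
]
```

On the constructed events the photo alone never alerts; the burst trips the monitor at the eighth encrypted write, well before all twelve files are gone.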

#6 digmor crusher

Posted 24 July 2015 - 11:12 PM

I wouldn't download JRT or Superantispyware, neither of these are designed to keep malware off your computer, both will remove things like cookies, PUPs etc. Best to download them when you need them as they are updated frequently and you'll want to use the latest version.



#7 BlackHawk1

Posted 25 July 2015 - 03:06 AM

Has anyone tested the above listed Ransomware Prevention Tools for effectiveness and if so can you provide an opinion on which one you feel is the best? What about Bitdefender CryptoWall Vaccine?



#8 Sintharius

Posted 25 July 2015 - 03:19 AM

MBAE and EMET work by preventing exploits which is one method that criminals use to drop crypto ransomware onto your computer. Same for NoScript since exploits are essentially pieces of script.

CryptoMonitor blocks crypto ransomware before they can encrypt your data, while HitmanPro.Alert does both exploit prevention and stops crypto ransomware by neutralizing it and gives you the option to kill it with HitmanPro. CryptoPrevent writes group policies that prevent malware from starting in certain locations.

Rollback Rx snapshots allow you to roll back changes made to the system, so it will undo the damage caused by crypto ransomware.

I never saw anyone using BitDefender's CryptoWall Vaccine, but the response to their CryptoLocker vaccine is rather poor.

#9 BlackHawk1

Posted 25 July 2015 - 04:04 AM

> MBAE and EMET work by preventing exploits which is one method that criminals use to drop crypto ransomware onto your computer. Same for NoScript since exploits are essentially pieces of script.
>
> CryptoMonitor blocks crypto ransomware before they can encrypt your data, while HitmanPro.Alert does both exploit prevention and stops crypto ransomware by neutralizing it and gives you the option to kill it with HitmanPro. CryptoPrevent writes group policies that prevent malware from starting in certain locations.
>
> Rollback Rx snapshots allow you to roll back changes made to the system, so it will undo the damage caused by crypto ransomware.
>
> I never saw anyone using BitDefender's CryptoWall Vaccine, but the response to their CryptoLocker vaccine is rather poor.

Thank you very much for that! Can I ask... what do you personally recommend? Is HitmanPro.Alert free or paid? I currently use Avira, MBAM Pro, MBAE Premium, and Zemana Antilogger.


Edited by BlackHawk1, 25 July 2015 - 04:08 AM.


#10 Sintharius

Posted 25 July 2015 - 04:10 AM

HitmanPro.Alert has both a free and a paid version, but advanced features like exploit protection or CryptoGuard are only available in the paid version.

My personal recommendation is safe computing practices - it will save you from a lot of malware in addition to crypto ransomware.

#11 BlackHawk1

Posted 25 July 2015 - 04:29 AM

> HitmanPro.Alert has both a free and a paid version, but advanced features like exploit protection or CryptoGuard are only available in the paid version.
>
> My personal recommendation is safe computing practices - it will save you from a lot of malware in addition to crypto ransomware.

Yes no doubt safe surfing is #1, but I am asking about things after that. :)



#12 Sintharius

Posted 25 July 2015 - 04:37 AM

If you don't have regular backups then add them. Otherwise your setup should be fine.

#13 BlackHawk1

Posted 25 July 2015 - 04:38 AM

Thanks!



#14 quietman7

Posted 25 July 2015 - 06:35 AM

> Has anyone tested the above listed Ransomware Prevention Tools for effectiveness

CryptoMonitor is tested constantly by the developer, Nathan (DecrypterFixer) who assists victims of various ransomware infections here at Bleeping Computer. Updates are regularly posted in the CryptoMonitor Official Discussion & Support Topic.