
Anti Crypto Software: is any of it any good?


10 replies to this topic

#1 dannyboy950

dannyboy950

  • Members

Posted 04 December 2015 - 06:46 PM

With all of the crypto exploits running around, is any of the anti-crypto software any good at all?

To the untrained eye, to work it would have to be already installed and running in real time to be of any use, would it not?

I mean, files once encrypted without the key are basically impossible to decrypt, are they not?

Not meaning to be controversial, just unsure.


Edited by hamluis, 04 December 2015 - 08:19 PM.
Moved from Gen Sec to AV/AM Software - Hamluis.

HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinnamon




#2 RolandJS

RolandJS

  • Members

Posted 04 December 2015 - 07:28 PM

Yes, if one follows Quietman7's advice about the anti-crypto software he is familiar with, one cannot go wrong -- just make sure to follow his settings that he uses.  Me?  I use WinPrivacy and WinAntiRansom from Ruiware.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#3 Umbra

Umbra

    Authorized Emsisoft Rep


  • Members

Posted 04 December 2015 - 10:32 PM

Emsisoft and Kaspersky developed free software to break the encryption of some of those ransomware programs if you are a victim.



Emsisoft Community Manager


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator

Posted 05 December 2015 - 07:38 AM

...I mean files once encrypted without the key are basically impossible to decrypt are they not?...


Crypto-Ransomware: When Encryption Breaks Bad

Can encrypted files be decrypted without paying the ransom? It ultimately depends on how good or thorough its creator was, and if it can be cracked in time. Crypto-ransomware-encrypted files could be decrypted if it used a weak encryption algorithm (provided that the key can be regenerated by using the same algorithm), or if the keys can be found inside the malware code or infected machine before the ransom deadline expires. Unfortunately, this is a long shot. In the constant arms race between cybercriminals, security vendors, and law enforcement, the bad guys—or at least the good ones—are unlikely to keep using methods that can be easily cracked. After all, if crypto-ransomware was that easy to resolve, it wouldn't be considered a dangerous threat, and cybercriminals wouldn't be using it that much.

Nathan (DecrypterFixer) and Fabian Wosar, Authorized Emsisoft Representative (Security Developer) are trusted Security Colleagues here at Bleeping Computer and researchers who analyze and investigate crypto malware as well as provide expert assistance to victims of ransomware infections. Each of them has created various decryption tools. BloodDolly created TeslaDecoder which helped many victims recover their files.

Other security vendors have investigated and offered decryption tools.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator

Posted 05 December 2015 - 07:39 AM

With all of the crypto exploits running around are any of the anti-crypto softwares any good at all.

 

The best defensive strategy is a comprehensive approach...make sure you are running an updated anti-virus and anti-malware product, use supplemental security tools with anti-exploitation features capable of stopping (preventing) infection before it can cause any damage, update all vulnerable software and routinely back up your data. You should also rely on behavior detection programs rather than standard anti-virus definition (signature) detection software only. This means using programs that can detect when malware is in the act of modifying/encrypting files rather than just detecting the malicious file itself which in most cases is not immediately detected by anti-virus software.

For example, Emsisoft Anti-Malware uses advanced behavior blocking analysis which is extremely difficult to penetrate...it continually monitors the behavior of all active programs looking for any anomalies that may be indicative of malicious activity and raises an alert as soon as something suspicious occurs. Emsisoft also has the ability to detect unknown zero-day attacks without signatures. ESET Antivirus and Smart Security use Exploit Blocker which is designed to fortify applications that are often exploited, such as web browsers, PDF readers, email clients or MS Office components.

Ransomware Prevention Tools:

Backing up your data and disk imaging are among the most important maintenance tasks users should perform on a regular basis, yet it's one of the most neglected areas.

Related Resources:



Note: Some security researchers have advised not to use multiple anti-exploit applications because using more than one of them at the same time can hamper the effectiveness of Return-oriented programming (ROP) and other exploit checks. This in turn can result in the system becoming even more vulnerable than if only one anti-exploit application is running.

ROP is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as non-executable memory and code signing. Address Space Layout Randomization (ASLR) is a computer security technique involved in protection from buffer overflow attacks. These security technologies are intended to mitigate (reduce) the effectiveness of exploit attempts. Many advanced exploits rely on ROP and ASLR as attack vectors used to defeat security defenses and execute malicious code on the system. For example, they can be used to bypass DEP (data execution prevention) which is used to stop buffer overflows and memory corruption exploits. Tools with ROP and ASLR protection such as Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) use technology that checks each critical function call to determine if it's legitimate (if those features are enabled).

However, EMET Security Technology is not impenetrable...


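The behaviour-based detection described in post #5 (catching a program while it is modifying/encrypting files, rather than recognising the malicious file itself), sketched as an added example that is not part of the original thread and not the logic of Emsisoft or any other product named here. The event format, thresholds, process names and sample data are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

ENTROPY_CUTOFF = 7.5    # bits/byte; assumed threshold for "looks encrypted"
WINDOW_SECONDS = 10     # assumed sliding window per process
MAX_SUSPECT_WRITES = 3  # assumed number of suspect rewrites tolerated per window

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits around 4-5, ciphertext approaches 8."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(before: bytes, after: bytes) -> bool:
    """Suspect write: content below the cutoff is replaced by near-random bytes."""
    return shannon_entropy(before) < ENTROPY_CUTOFF <= shannon_entropy(after)

def flag_processes(events):
    """events: (timestamp, process, path, before, after) tuples in time order.
    Returns {process: timestamp at which it exceeded MAX_SUSPECT_WRITES}."""
    recent, flagged = defaultdict(deque), {}
    for ts, proc, _path, before, after in events:
        if proc in flagged or not looks_encrypted(before, after):
            continue
        window = recent[proc]
        window.append(ts)
        while ts - window[0] > WINDOW_SECONDS:  # drop writes outside the window
            window.popleft()
        if len(window) > MAX_SUSPECT_WRITES:
            flagged[proc] = ts
    return flagged

def pseudo_random(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 digests of a counter."""
    return b"".join(hashlib.sha256(f"{seed}{i}".encode()).digest() for i in range(size // 32))

# Constructed sample events (process and file names are made up).
DOC = b"Quarterly report: revenue, costs and notes.\n" * 90
SAMPLE_EVENTS = (
    # An editor appending text: entropy stays low, never suspect.
    [(i, "editor.exe", f"notes{i}.txt", DOC, DOC + b"one more line\n") for i in range(5)]
    # A backup tool writing two compressed archives: suspect, but under the limit.
    + [(20 + i, "backup.exe", f"set{i}.zip", b"", pseudo_random(f"zip{i}")) for i in range(2)]
    # Six documents rewritten as near-random data within six seconds.
    + [(30 + i, "unknown.exe", f"doc{i}.docx", DOC, pseudo_random(f"enc{i}")) for i in range(6)]
)
print(flag_processes(SAMPLE_EVENTS))  # {'unknown.exe': 33}
```

Files that are already compressed (JPEG, ZIP) start above the cutoff, so this single entropy-jump signal would miss them being rewritten.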

#6 RolandJS

RolandJS

  • Members

Posted 05 December 2015 - 11:30 AM

Quietman7, I noticed you mentioned Ruiware's WinAntiRansom. In my experience, WinPrivacy and WinAntiRansom are really not "set it and forget it"; for me, they work best when the "dogs are walked" at least once daily. I have a separate thread; however, I cannot remember how to embed that particular in here.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator

Posted 05 December 2015 - 04:36 PM

I have not had a chance to use either yet. I do plan on trying WinAntiRansom at some point. Right now I just provide a link to it as another option for folks to consider.

#8 Batzz

Batzz

  • Members

Posted 07 December 2015 - 04:42 PM

With the rise of CryptoWall and CryptoLocker approaching us in the 2016 year, I highly recommend some form of anti-crypto software to protect against this. I don't know any good programs yet, but I would recommend using it as it is very effective.



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator

Posted 07 December 2015 - 06:06 PM

I noted some good programs in Post #5.

BTW....the original CryptoLocker Ransomware infection does not exist anymore and hasn't for almost two years. There are several copycat and fake ransomware variants which use the CryptoLocker name but those infections are not the same.

#10 dannyboy950

dannyboy950
  • Topic Starter

  • Members

Posted 07 December 2015 - 07:05 PM

I do remember NOD32 gave me quite a scare. Its second scan log found a bunch of encrypted files/folders but with exceptionally long hash numbers. I thought I had been had, but other more level heads pointed out it was part of NOD's process to get around some of my other security software. Basically it was showing encrypted files that were not actually encrypted. All of the files and folders I could actually see and open and everything worked ok.

 

It did however give me a few anxious hours lol.




#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator

Posted 07 December 2015 - 07:29 PM

Some files and services are locked by the operating system or running programs during use for protection, so scanners cannot access them. Other legitimate files, especially those used by security programs, may be obfuscated, encrypted or password protected in order to conceal themselves, so they do not allow access as a protective measure. When the scanner finds such an object, it makes a note and usually just skips to the next one. That explains why it may show with notations but no action taken in certain anti-virus or anti-malware log scan reports. These are normal when using several security scanning programs so there is seldom a need for concern.