Expert Advice Needed - Protection Against CryptoWall

1 reply to this topic

#1 JohnDrake2000


  • Members
  • 14 posts
  • Local time:03:47 PM

Posted 04 December 2015 - 11:43 PM

First of all I'd like to thank all of the security experts who post in this forum. Your expertise and dedication are greatly appreciated by us ordinary computer users who are confused, intimidated and just downright scared by what's going on 'out there.' :)
I deal with a small business which has about 10 computer users. I've read about CryptoWall 4.0 and yes, it scares the hell out of me. :)
I've taken many of the usual precautions: Chrome with ad blocking, DNS filtering on the router, banning executable file attachments, banishing Java and Flash. I also install security updates for Windows 7, MS Office and Adobe Acrobat Reader on a regular basis. Files are backed up in the cloud each day with Microsoft Azure Backup.
We've been running Webroot Anti-Virus and are quite satisfied with the anti-malware protection. 
However, when it comes to nastiness and sheer evil genius CryptoLocker 4.0 seems to be in a league of its own--one demanding a higher level of protection. After reading about anti-exploit software I came across the HitmanPro.Alert thread, and I was impressed with the reviews of the "CryptoGuard" feature. 
What if I ran Webroot Anti-Virus and just the CryptoGuard module from HitmanPro.Alert together at the same time on each PC? Webroot would provide the anti-malware protection and CryptoGuard would provide the anti-exploit protection.
Is this a workable strategy?
I am most concerned with application compatibility and reliability. Purchasing 10 licenses for Webroot and HitmanPro.Alert is only a couple of hundred dollars per year.
Thanks in advance for any comments or suggestions.



#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,047 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:47 PM

Posted 05 December 2015 - 07:07 AM

The best defensive strategy is a comprehensive approach...make sure you are running an updated anti-virus and anti-malware product, use supplemental security tools with anti-exploitation features capable of stopping (preventing) infection before it can cause any damage, update all vulnerable software and routinely back up your data. You should also rely on behavior detection programs rather than standard anti-virus definition (signature) detection software only. This means using programs that can detect when malware is in the act of modifying/encrypting files rather than just detecting the malicious file itself which in most cases is not immediately detected by anti-virus software.

For example, Emsisoft Anti-Malware uses advanced behavior blocking analysis which is extremely difficult to penetrate...it continually monitors the behavior of all active programs looking for any anomalies that may be indicative of malicious activity and raises an alert as soon as something suspicious occurs. Emsisoft also has the ability to detect unknown zero-day attacks without signatures. ESET Antivirus and Smart Security use Exploit Blocker which is designed to fortify applications that are often exploited, such as web browsers, PDF readers, email clients or MS Office components.

Ransomware Prevention Tools:

Backing up your data and disk imaging are among the most important maintenance tasks users should perform on a regular basis, yet it's one of the most neglected areas.

Related Resources:

Note: Some security researchers have advised not to use multiple anti-exploit applications because using more than one of them at the same time can hamper the effectiveness of Return-oriented programming (ROP) and other exploit checks. This in turn can result in the system becoming even more vulnerable than if only one anti-exploit application is running.

ROP is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as non-executable memory and code signing. Address Space Layout Randomization (ASLR) is a computer security technique involved in protection from buffer overflow attacks. These security technologies are intended to mitigate (reduce) the effectiveness of exploit attempts. Many advanced exploits rely on ROP and ASLR as attack vectors used to defeat security defenses and execute malicious code on the system. For example, they can be used to bypass DEP (data execution prevention) which is used to stop buffer overflows and memory corruption exploits. Tools with ROP and ASLR protection such as Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) use technology that checks each critical function call to determine if it's legitimate (if those features are enabled).

However, EMET Security Technology is not impenetrable...

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

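The behavior-detection idea in the reply above (catching a program while it is rewriting files, instead of matching its signature), as an added example that is not part of the original posts and not how any product named in the thread works. The event tuple format, the thresholds and the sample events are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

# Assumed tuning values for this sketch; real products use their own heuristics.
ENTROPY_THRESHOLD = 7.0   # bits per byte; encrypted data sits close to 8.0
MIN_FILES = 3             # distinct files rewritten before a process is flagged
WINDOW_SECONDS = 10.0     # sliding window over which rewrites are counted

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def looks_like_encryption(before: bytes, after: bytes) -> bool:
    # Structured content replaced by near-random content is the suspicious change.
    return (shannon_entropy(before) < ENTROPY_THRESHOLD
            and shannon_entropy(after) >= ENTROPY_THRESHOLD)

def detect(events):
    """events: (timestamp, pid, path, before, after) tuples sorted by time.
    Returns the pids that rewrote MIN_FILES distinct files inside one window."""
    recent = defaultdict(deque)   # pid -> (timestamp, path) of suspicious writes
    flagged = set()
    for ts, pid, path, before, after in events:
        if not looks_like_encryption(before, after):
            continue
        q = recent[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > WINDOW_SECONDS:
            q.popleft()           # forget writes older than the window
        if len({p for _, p in q}) >= MIN_FILES:
            flagged.add(pid)
    return flagged

def pseudo_random(seed: str, size: int = 4096) -> bytes:
    # Deterministic stand-in for ciphertext, built from chained SHA-256 digests.
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest()
                    for i in range(size // 32))

DOC = b"Quarterly invoice totals for the office. " * 100   # constructed plain text
SAMPLE_EVENTS = [  # constructed events, not real telemetry
    (0.0, 100, "report.docx", DOC, DOC + b"one more line"),   # ordinary edit
    (1.0, 200, "a.docx", DOC, pseudo_random("a")),
    (1.5, 200, "b.xlsx", DOC, pseudo_random("b")),
    (2.0, 300, "photos.zip", DOC, pseudo_random("z")),        # single high-entropy write
    (2.5, 200, "c.pdf", DOC, pseudo_random("c")),
]
```

`detect(SAMPLE_EVENTS)` flags only pid 200: the ordinary edit and the single high-entropy write stay below the thresholds, which is why a file count and time window are combined with the entropy test.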