Here's the most recent info in WindowsSecrets newsletter (Jan 2015) regarding Crypto-whatever...

=============================================
Protect yourself from the latest CryptoWhatever

Hardly a day goes by that I don't hear a story about someone hit by the latest version of CryptoLocker. On systems that have sensitive data — which is almost every Windows PC I own — I always ensure that I have a recent, full backup. For small-business systems, you can use products from Microsoft or third-party backup tools such as Acronis Backup (more info).

If you're familiar with the now-defunct MS Home Server 2011, its code lives on in two forms. First, Windows Storage Server 2012 R2 Essentials (site) provides the old, reliable Home Server client backup that I still rely on for several of my computers. Second, for larger networks, you can install the Essentials component included in standard Windows Server 2012 R2 (site).

Keep in mind that the bad guys are getting smarter and are disabling Windows' shadow file copies. A full backup will mean you never have to pay a ransom for your data.

Make sure you have extra protection on machines that are more critical and thus at higher risk. The CryptoPrevent toolkit (site) blocks certain locations on your PC that the attackers use to install their encryption software. (For a funny story about how the site got its name, read the site's "About" post.)

For networked systems, consult the information on the Third Tier website about group-policy settings. (I assisted with that document.)

====================================================

Mike Copeland



Ted Roche wrote:
On Thu, Feb 11, 2016 at 10:42 AM, Mike Copeland <[email protected]> wrote:
The one 'problem' with this, or any other kind of prevention tool is that
attack vectors change, so CryptoPrevent from last year might not work
against the new approach used by this year's CryptoLocker. But, the
installation method used by the original c-Locker trojan was pretty big and
the c-Prevent author's explanation certainly justifies the cost to block
that path, in my opinion.

I might be getting jaded (ha!) but software reviews seem to be more
advertorial than editorial these days...so unless a software company is
ready to buy some click-through ads...

True. All reviews ought to be considered with a grain of salt. I saw
the professional "reviewers" move in and take over Amazon a decade
ago, and it's clear that some of the "review" sites are not
journalistic efforts as much as advertising sites.

There aren't a lot of "general" computing sites left, but I follow a
few security sites (like isc.sans.edu) that tend to be pretty good at
reporting the current problems and prevention, if any.

And now, of course, my Google-fu kicks on, and I find a couple good write-ups:

http://krebsonsecurity.com/tag/cryptoprevent/
https://askleo.com/why-havent-you-mentioned-cryptoprevent/



