?
Solved

CryptoDefense Cryptodefense On CLient Machine

Posted on 2014-04-09
5
Medium Priority
?
389 Views
Last Modified: 2014-04-17
Hi;

A client has been infected with Cryptolocker (Cryptodefense) so some of their documents are encrypted.

Is there still a functioning solution other than paying these guys.

Alternately is there a way to unencrypt the files.
0
Comment
Question by:mavcom
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 24

Assisted Solution

by:aadih
aadih earned 800 total points
ID: 39988705
No. :-(

[Without a backup image, no way out.]
0
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 1200 total points
ID: 39991281
If you are referring to CryptoLocker, it is not a virus or spyware. It's an encryption a hacker places on all your documents  local and network that encrypts your documents.

There are multiple lines of defense:

1. Installing a good firewall like Cisco, Sonicwall or Barracuda that includes content filtering to inspect packets as they are received and drop suspicious and known file types before they reach your network.

2. There are also some software firewalls that help but we believe a stand alone hardware firewall is best.

3. Installing a web based anti spam service that inspects email before it's received like the content filtering above. We use GFI Mail Essentials Online for this service.

4. Educate your users not to open email that looks irregular and from someone they do not expect. This is just plain common sense feature that some people don't use.

If you get hit with CryptoLocker, there are two solutions:

1. Restore from a backup to restore your registry back so it’s clean and restore your documents in unencrypted format.
2. Pay the ransom and hope they unlock your files.

Comodo AntiVirus says if you are running their anti virus and get hit with CryptoLocker, they "offer customers up to a $5,000 limited warranty against infection."

http://www.comodo.com/news/press_releases/2013/11/comodo-endpoint-security-protects-cryptoLocker-ransomware-virus.html

Hope this helps.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39997999
Have we provided the information you needed? There is no un-encryption solution.
0
 

Author Closing Comment

by:mavcom
ID: 40007351
Thank you.
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 40007370
Glad I could provide information. Hope it helps!
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question