D H asked:
CryptoLocker and all variations

Been hit recently with CryptoLocker at a couple of sites... just wondering if anyone has had any success in preventing it or proactively cleaning up any detection.

Jake Hofer:
We have had loads of success by using DFS and the Previous Versions functionality. For a while we had even increased the rate. While this doesn't account for 100% data recovery, it certainly limited our data loss.

D H (asker):

Thanks Jake for the prompt response... what about prevention? Any AV or anti-malware software to proactively corral it?

Unfortunately user training is the best answer here. Our AV has caught it, but only after users have already opened something they knew they shouldn't have and caused a situation. This of course is to say nothing bad about AV and anti-malware; these packages continue to protect our environments very well. Sadly the malware keeps getting more and more sneaky :-(.
CompProbSolv:

There are suggestions online that you can block this if you don't allow programs to execute from .\appdata. In the very limited tests I did this caused other issues, but it may be worth a try.

Otherwise, a good backup (that is not always accessible) is good protection. Keep in mind that if you have an external hard drive to which you copy your files, it is subject to infections also.

My preferred approach is to have your data reside on (or be backed up to) a different computer and have that computer back up to an external drive or to the cloud.  As long as the server doesn't get infected, your backups will be safe.
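One way to implement the "don't allow programs to execute from AppData" idea above, as an added example that is not from this thread and not the code of any tool mentioned in it: a PowerShell script that writes a Software Restriction Policy (SRP) "Disallowed" path rule for executables under %AppData% and %LocalAppData% straight into the local policy registry keys that secpol.msc also uses. It assumes an elevated PowerShell session on a Windows edition that honours SRP (Pro/Enterprise) and no domain GPO that overrides local SRP; the path patterns and the example "allow" rule are assumptions to adjust for your environment.

```powershell
# Added example, not from the thread. Run elevated. Writes a local SRP policy:
# default level Unrestricted, plus Disallowed path rules for the user profile
# app-data folders, which is where this family of malware typically drops itself.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
New-Item -Path $base -Force | Out-Null

# Global SRP settings (same values secpol.msc writes when you create a policy)
Set-ItemProperty -Path $base -Name Levels             -Value 0x71000 -Type DWord   # expose Unrestricted/Basic/Disallowed levels
Set-ItemProperty -Path $base -Name DefaultLevel       -Value 262144  -Type DWord   # 0x40000 = Unrestricted by default
Set-ItemProperty -Path $base -Name TransparentEnabled -Value 1       -Type DWord   # enforce for all software except DLLs
Set-ItemProperty -Path $base -Name PolicyScope        -Value 0       -Type DWord   # 0 = all users, 1 = all users except local admins
Set-ItemProperty -Path $base -Name AuthenticodeEnabled -Value 0      -Type DWord
Set-ItemProperty -Path $base -Name ExecutableTypes -Type MultiString `
    -Value @('EXE','COM','PIF','SCR','BAT','CMD','VBS','JS','MSI','HTA')

# Helper: add one path rule at a given level (0 = Disallowed, 262144 = Unrestricted)
function Add-SrpPathRule {
    param([int]$Level, [string]$Pattern, [string]$Description)
    $rule = Join-Path $base ("{0}\Paths\{{{1}}}" -f $Level, [guid]::NewGuid())
    New-Item -Path $rule -Force | Out-Null
    Set-ItemProperty -Path $rule -Name ItemData    -Value $Pattern     -Type ExpandString
    Set-ItemProperty -Path $rule -Name SaferFlags  -Value 0            -Type DWord
    Set-ItemProperty -Path $rule -Name Description -Value $Description -Type String
}

# Block executables directly in, and one level below, the roaming and local app-data folders
$blocked = @(
    '%AppData%\*.exe', '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe', '%LocalAppData%\*\*.exe',
    '%LocalAppData%\Temp\*.exe', '%LocalAppData%\Temp\*\*.exe'
)
foreach ($p in $blocked) {
    Add-SrpPathRule -Level 0 -Pattern $p -Description 'Block execution from user profile app data'
}

# Legitimate software that runs or updates from AppData (the "other issues" noted above)
# gets an explicit Unrestricted rule, which SRP matches before the broader Disallowed ones.
# The path below is an assumed placeholder; list the updaters you actually use.
Add-SrpPathRule -Level 262144 -Pattern '%LocalAppData%\ExampleVendor\Update\*.exe' `
    -Description 'Allow a known updater that lives in LocalAppData (placeholder)'

# Review what is now in place
Get-ChildItem (Join-Path $base '0\Paths') | ForEach-Object {
    Get-ItemProperty $_.PSPath | Select-Object Description, ItemData
}
```

The rules apply to processes started after the policy is written; a fresh logon is the simplest way to be sure. Test on one machine first and watch for installers, browser-bundled updaters and portable apps that normally launch from these folders, since each of those will now need its own Unrestricted rule, and keep an eye on the Application event log, where SRP records each block with the path it refused. Blocking by path is a meaningful hurdle, not a guarantee: anything that lands outside the listed patterns still runs, which is why the offline backups discussed in this thread remain the last line.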
Since any item that the user can connect to will get encrypted, the only solution is offline backup. AV products operate on signatures and not behaviour, and the signature must be specific to the item being scanned for. So if the malware is changed slightly enough to change the signature it won't be detected. This means that AV will always lag the malware, and it must allow normal operation of the computer.

@David Johnson:

The suggestion I made (back up to server, back that up to external drive or cloud) works around this problem. The workstations have no access to the external hard drive, so malware on them will not be able to encrypt data on the external drive. As long as the server itself isn't infected, the external drive is safe.

Of course, once the data on the server is encrypted and then backed up, the backup on the external drive will have encrypted files.  The expectation is that the user will know of the problem before all of the backups on the external drive are affected.  This presumes that some history of backups is kept on the external drive.
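A minimal form of the server-side, history-keeping backup just described, added here as an example that is not from the thread: a PowerShell script meant to run as a scheduled task on the server (under an account with read access to the share and write access to the external drive, which the workstations cannot reach). Each run copies the share into a new date-stamped folder and then prunes the oldest folders beyond a retention count, so an already-encrypted copy is added alongside earlier good ones instead of overwriting them. The source, destination and retention values are assumptions.

```powershell
# Added example, not from the thread. Versioned pull backup with retention.
param(
    [string]$Source = 'D:\Shares\Data',   # assumed: the data share on the server
    [string]$Dest   = 'E:\Backups',       # assumed: external drive attached only to the server
    [int]$Keep      = 14                  # number of dated copies to retain
)

$stamp  = Get-Date -Format 'yyyy-MM-dd_HHmm'      # sorts lexically == chronologically
$target = Join-Path $Dest $stamp
$log    = Join-Path $Dest 'backup.log'

# /E copies subfolders (including empty ones), /COPY:DAT keeps data/attributes/timestamps,
# /R and /W keep a locked file from stalling the whole job, /NP suppresses progress noise.
robocopy $Source $target /E /COPY:DAT /R:2 /W:5 /NP /LOG+:$log | Out-Null

# robocopy exit codes 0-7 are informational; 8 and above mean something failed to copy.
if ($LASTEXITCODE -ge 8) {
    throw "robocopy reported failures (exit code $LASTEXITCODE); see $log"
}

# Keep only the newest $Keep dated folders. Because the encrypted state shows up as a
# *new* folder, the last good copies survive until the operator notices and stops the task.
Get-ChildItem -Path $Dest -Directory |
    Where-Object { $_.Name -match '^\d{4}-\d{2}-\d{2}_\d{4}$' } |
    Sort-Object Name -Descending |
    Select-Object -Skip $Keep |
    ForEach-Object {
        Write-Output "Pruning $($_.FullName)"
        Remove-Item -LiteralPath $_.FullName -Recurse -Force
    }

Write-Output "Backup written to $target"
```

Retention is what turns this into protection against the scenario in the reply above: with 14 daily copies, encrypted data has to go unnoticed for two weeks before the last clean version is pruned, so pair the task with something that gets a human to look (a failed-job alert, or simply a check of the log after an incident). A full copy per run is the simplest correct version; if space is tight, a rotating full-plus-incremental layout or a target with its own snapshots gives the same history more cheaply.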
D H (asker):

Disabling .exe in AppData is something I've read about recently, so I'm looking into that. And I already understand the importance of backups, and we do have them, but I'd prefer to have a way of limiting the exposure to these infections.

I did find CryptoPrevent by FoolishIT, so I'm trying that out.

Just seeing if anyone on this forum has had success in prevention.
ASKER CERTIFIED SOLUTION (Sudeep Sharma)

As Sudeep suggested, the Malwarebytes Anti-Ransomware app (still in beta) has been shown to do excellent work, completely preventing the encryption process; although the earlier versions did display the "your computer has been locked/encrypted" graphic, nothing was actually affected.

I would hold off implementing this on any production machines yet, though.
D H (asker):

Thanks for this information, guys... I'll have a look at these suggestions. Once again Experts Exchange has come through in the clutch.
btan:

Just to share, there is also another free tool for home users, if that is of interest; it is more of a self-help tool to remove the malicious software from the user's device and regain its use.
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1105975.aspx