unrealone1

Dreaded cryptolocker

My Client has been told by a "security expert" that there is no AV software to protect against cryptolocker completely. Instead the only way is to lock down users and white-list certain applications. Do the experts concur?
Can anyone please recommend steps to avoid and lock down? Thanks.
Uptime Legal Systems

Partially true, though there are tools and software that help mitigate risk like FoolishIT's CryptoPrevent

https://www.foolishit.com/cryptoprevent-malware-prevention/

Basically works by employing Software Restriction Policies and automatic additions to it vs how it was described which would be something GPO based.
Bit9 and Carbon Black also offer whitelisting software as an alternative to traditional AV solutions.

https://www.carbonblack.com/
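
An added example, not part of the thread and not CryptoPrevent's own code: a read-only PowerShell audit showing which Software Restriction Policies a Windows machine actually has at machine scope. The function name `Get-SrpSummary` is hypothetical; the registry layout is the standard SRP one, and per-user policies under HKCU are not covered.

```powershell
# Added example: read-only audit of machine-wide Software Restriction Policies.
$SrpBase = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
# Security levels as SRP stores them (also the names of the per-level subkeys).
$SrpLevels = @{ 0 = 'Disallowed'; 4096 = 'Untrusted'; 65536 = 'Restricted'
                131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-SrpSummary {   # hypothetical helper name
    if (-not (Test-Path $SrpBase)) {
        return [pscustomobject]@{ Configured = $false; DefaultLevel = $null
            Enforcement = $null; Rules = @()
            Findings = @('No machine-wide SRP policy is defined.') }
    }
    $cfg = Get-ItemProperty -Path $SrpBase
    # Collect the path rules stored under each level key, e.g. ...\0\Paths\{GUID}.
    $rules = @(foreach ($level in Get-ChildItem -Path $SrpBase) {
        $id = 0
        if (-not [int]::TryParse($level.PSChildName, [ref]$id)) { continue }
        $paths = "$SrpBase\$($level.PSChildName)\Paths"
        if (-not (Test-Path $paths)) { continue }
        foreach ($rule in Get-ChildItem -Path $paths) {
            $item = Get-ItemProperty -Path $rule.PSPath
            [pscustomobject]@{ Level = $SrpLevels[$id]; Path = $item.ItemData
                               Description = $item.Description }
        }
    })
    $default = if ($null -eq $cfg.DefaultLevel) { 'not set' }
               else { $SrpLevels[[int]$cfg.DefaultLevel] }
    # TransparentEnabled: 0 = not enforced, 1 = all files except DLLs, 2 = all files.
    $enforce = switch ($cfg.TransparentEnabled) {
        0 { 'Off' } 1 { 'All files except DLLs' } 2 { 'All files including DLLs' }
        default { 'not set' }
    }
    $findings = @()
    if ($enforce -eq 'Off') { $findings += 'Enforcement is switched off.' }
    $blocked = @($rules | Where-Object { $_.Level -eq 'Disallowed' })
    if ($default -eq 'Unrestricted' -and $blocked.Count -eq 0) {
        $findings += 'Default level is Unrestricted with no Disallowed rules: nothing is blocked.'
    }
    [pscustomobject]@{ Configured = $true; DefaultLevel = $default
        Enforcement = $enforce; Rules = $rules; Findings = $findings }
}

$summary = Get-SrpSummary
$summary | Select-Object Configured, DefaultLevel, Enforcement | Format-List
$summary.Rules | Sort-Object Level, Path | Format-Table -AutoSize -Wrap
$summary.Findings
```

A whitelisting setup shows a default level of Disallowed with Unrestricted rules for approved locations; a blacklist-style setup shows Unrestricted with Disallowed path rules.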
rindi
The security expert is absolutely correct. Besides what he has already mentioned, it is also very important to have a good backup strategy, backing up to different media, with rotation, and making sure that media is only accessible during backups. This isn't only a good safeguard against ransomware, but also against many other issues with PCs which can affect data.
Since many malware exploits, including of course Cryptolocker and similar malware, depend largely on fooling a user into clicking on a file or link to download a virus/malware load, it's true that there is no antivirus or antimalware program that can completely protect against this.  In addition to software solutions, hardware perimeter firewalls can offer better protection through more sophisticated filtering of websites and content.  Here's something to think about:

http://www.guardsite.com/XTM-Security-Subscriptions.asp

http://www.watchguard.com/wgrd-products/security-modules/apt-blocker
Aireal Liddle

One thing that our company has noticed that helped in preventing crypto is blocking TOR. If you are using a SonicWall, it's pretty simple to do. We just go under advanced app control, then under proxy access, then find TOR and block it.
ASKER CERTIFIED SOLUTION
btan
This solution is only available to members.
Malwarebytes bought a small startup and is working on something. The beta is far from ready.
https://forums.malwarebytes.org/index.php?/topic/177751-introducing-malwarebytes-anti-ransomware/
unrealone1

ASKER

All the responses were useful, thank you.