unrealone1
Dreaded cryptolocker
My Client has been told by a "security expert" that there is no AV software to protect against cryptolocker completely. Instead the only way is to lock down users and white-list certain applications. Do the experts concur?
Can anyone please recommend steps to avoid and lock down? Thanks.
Bit9 and Carbon Black also offer whitelisting software as an alternative to traditional AV solutions.
https://www.carbonblack.com/
The security expert is absolutely correct. Besides what he has already mentioned, it is also very important to have a good backup strategy, backing up to different media, with rotation, and making sure that media is only accessible during backups. This isn't only a good safeguard against ransomware, but also against many other issues with PCs which can affect data.
Since many malware exploits, including of course Cryptolocker and similar malware, depend largely on fooling a user into clicking on a file or link to download a virus/malware load, it's true that there is no antivirus or antimalware program that can completely protect against this. In addition to software solutions, hardware perimeter firewalls can offer better protection through more sophisticated filtering of websites and content. Here's something to think about:
http://www.guardsite.com/XTM-Security-Subscriptions.asp
http://www.watchguard.com/wgrd-products/security-modules/apt-blocker
One thing that our company has noticed that helped in preventing crypto is blocking TOR. If you are using a SonicWall, it's pretty simple to do. We just go under advanced app control, then under proxy access, then find TOR and block it.
Malwarebytes bought a small startup and is working on something. The beta is far from ready.
https://forums.malwarebytes.org/index.php?/topic/177751-introducing-malwarebytes-anti-ransomware/
ASKER
All the responses were useful, thank you.
https://www.foolishit.com/cryptoprevent-malware-prevention/
It basically works by employing Software Restriction Policies and automatic additions to them, vs. how it was described, which would be something GPO-based.
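
Added example, not part of the original thread or of any product mentioned in it: a read-only PowerShell audit that shows whether Software Restriction Policies are actually in force on a machine, and whether they run in allow-list mode (default level Disallowed) or only block listed paths. It assumes the rules live in the standard machine-policy registry location for SRP; the function name `Get-SrpPathRule` is made up for this example.

```powershell
# Read-only audit of Software Restriction Policy (SRP) settings on this machine.
# Assumption: rules are stored under the standard machine-policy key below.
$SrpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$LevelNames = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-SrpPathRule {
    param([string]$Root = $SrpRoot)
    if (-not (Test-Path $Root)) { return }
    foreach ($levelKey in Get-ChildItem -Path $Root) {
        # Subkeys are named after the numeric security level they apply.
        $levelId = 0
        if (-not [int]::TryParse($levelKey.PSChildName, [ref]$levelId)) { continue }
        $pathsKey = Join-Path $levelKey.PSPath 'Paths'
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem -Path $pathsKey) {
            $props = Get-ItemProperty -Path $rule.PSPath
            $name = $LevelNames[$levelId]
            if (-not $name) { $name = "Level $levelId" }
            [pscustomobject]@{
                Level       = $name
                Path        = $props.ItemData      # the path pattern the rule matches
                Description = $props.Description
            }
        }
    }
}

if (-not (Test-Path $SrpRoot)) {
    Write-Output 'No Software Restriction Policy is configured on this machine.'
} else {
    $policy = Get-ItemProperty -Path $SrpRoot
    $default = $LevelNames[[int]$policy.DefaultLevel]
    Write-Output "Default security level: $default"
    if ($default -eq 'Disallowed') {
        Write-Output 'Mode: allow-list (only paths with an Unrestricted rule may run).'
    } else {
        Write-Output 'Mode: block-list (everything runs except Disallowed paths).'
    }
    Get-SrpPathRule | Sort-Object Level, Path | Format-Table -AutoSize -Wrap
}
```

Running it before and after deploying a lock-down tool or GPO shows which path rules were added and confirms whether the result is true whitelisting or only a list of blocked locations.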