Joseph Salazar

asked on

Ransomware Question

I have a client with AVG Cloudcare installed, along with CryptoPrevent by FoolishIT.com.

This client still got infected and all files were encrypted...

What tools are being used out there for the removal of ransomware?

What software, or combo of tools, should I use to make sure my clients do not get infected?

Cjoego
SOLUTION
Gary Dewrell

There is no best tool. The only thing you need is a valid backup. That is the secret :-)
Lee W, MVP
When someone comes up with a solution - FoolishIT or AVG Cloud Care or ANYONE ELSE, it may work great for everything it knows about - but crypto writers get the solution, figure out how to beat it, and release a new one that the old solutions won't stop.  The ONLY 100% way to be safe is with proper backups.
btan

Try running HitmanPro.Alert to see if other exploits can be detected, as these are probably the carriers of the ransomware delivered to your machine. Do not run in an admin account for default daily usage, as this indirectly gives those pesky ransomware and exploits an easier exploitation attempt. CryptoPrevent should be fine, but I suspect the threat has gained privileges via an exploited authorised application and negated the protection. Check the USB drive too.

Consider augmenting the existing AV with Malwarebytes Anti-Ransomware or WinPatrol WinAntiRansom. There are also decoys (such as TrapX CryptoTrap) that can be set up to allow time to alert the user while the decoys divert the ransomware's doings.
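
The decoy idea mentioned in the post above, sketched as an added example (it is not part of the original thread and does not represent how TrapX CryptoTrap or any other named product works): plant low-entropy decoy files, record their hashes, and alert when one disappears or turns into high-entropy data. The file names, function names, and the 7.0 bits-per-byte threshold are assumptions chosen for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Constructed decoy names (assumption): plausible-looking office documents.
DECOY_NAMES = ["!accounts_2016.docx", "!payroll_backup.xlsx"]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or random data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def plant_decoys(directory: str) -> dict:
    """Write low-entropy decoy files; return {path: sha256} as the baseline."""
    manifest = {}
    for name in DECOY_NAMES:
        path = os.path.join(directory, name)
        content = (f"Decoy file {name}. Do not edit.\n" * 200).encode()
        with open(path, "wb") as fh:
            fh.write(content)
        manifest[path] = hashlib.sha256(content).hexdigest()
    return manifest


def check_decoys(manifest: dict, entropy_threshold: float = 7.0) -> list:
    """Return (path, reason) alerts for decoys that are missing or changed."""
    alerts = []
    for path, baseline in manifest.items():
        if not os.path.exists(path):
            # A decoy that vanished was deleted or renamed (e.g. new extension).
            alerts.append((path, "missing_or_renamed"))
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() != baseline:
            encrypted = shannon_entropy(data) >= entropy_threshold
            alerts.append((path, "modified_high_entropy" if encrypted else "modified"))
    return alerts
```

Run `check_decoys` on a short interval from a scheduled task and treat any alert as a signal to isolate the machine; the check only buys time and does not replace the backups recommended elsewhere in this thread.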
You can also take a snapshot of the advice (https://www.nomoreransom.org/prevention-advice.html) on the nomoreransom website by the consortium of security companies. It is no different from what the experts are sharing here, and clearly backup is the utmost critical item as part of the preventive action plan - plan for the worst-case scenario - even paying the ransom does not warrant that data can be recovered or that the malware recurrence will not happen.

There is a list of decryptors (https://decrypter.emsisoft.com/) that you may check out if the variant experienced is identified - you can use IDransom (https://id-ransomware.malwarehunterteam.com/) for identification.
Joseph Salazar

ASKER

Thanks everyone
Looks like my answers have not been helpful. Thanks.