Ransome Ware Question

Posted on 2016-09-14
Last Modified: 2016-10-01
I have a client with AVG Cloudcare installed with the Crypto Prevent Installed by

This client Still got Infected and all files Encrypted...

What Tools are being used out there for the removal of Ransome Ware???

What Software should I use or combo of tools to make sure my clients do not get infected....

Question by:Joseph Salazar
LVL 12

Assisted Solution

by:Gary Dewrell
Gary Dewrell earned 83 total points
ID: 41798644
Number 1 is to make sure you are doing backups!
The simple fact is that most ransomware infections are caused by users clicking on something they should not. It is a training issue.

I am not aware of any product that can prevent ransomeware 100% of the time.

Some other preventative measures.

Don't run users as local administrators
Don't allow applications to run from the temp directories
Don't give users access to network shares they do not need.

I have even gone to the extreme step of blocking all zip attachments into my network.

Again the #1 most important step is reliable backups.
LVL 19

Expert Comment

by:*** Hopeleonie ***
ID: 41798646
There is no best tool. The only thing you need is a valid backup. That is the secret :-)
LVL 95

Expert Comment

by:Lee W, MVP
ID: 41798667
When someone comes up with a solution - FoolishIT or AVG Cloud Care or ANYONE ELSE, it may work great for everything it knows about - but crypto writers get the solution, figure out how to beat it, and release a new one that the old solutions won't stop.  The ONLY 100% way to be safe is with proper backups.
LVL 88

Assisted Solution

rindi earned 83 total points
ID: 41798688
Use application whitelisting. That way users can only run software that has been allowed in your environment. Anything else is blocked. Also disable macros in m$ Office (or don't use m$ Office) etc., as a large number of ransomware come as macros.
LVL 53

Assisted Solution

McKnife earned 83 total points
ID: 41798692
You need to understand that foolish IT uses blacklisting. Blacklisting is no appropriate measure. Use applocker whitelisting, no chance for malware. Backups need to be done, anyway, any day.
If you need advice on whitelisting, start by reading tutorials like
Please note that Applocker is an enterprise edition feature but the pro editions can use software restriction policies which are almost the same.
Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

LVL 62

Expert Comment

ID: 41798976
Try running alert to see if other exploit can be detected as probably these are the carrier to ransomware delivered to your machine. Do not run in admin account  as default daily usage as this indirectly give those pesky Ransomware and exploits an easier exploitation attempts. Cryptoprevent should be fine but I suspect the threat has gain privileges via exploited authorised appl and negate the protection. Check the USB drive too.

Consider augmenting existing AV with Malwarebytes Anti-ransomware or Winpatrol Winantiransom. There is also decoy (such as TrapX CryptoTrap) that can be setup to allow time to alert user while the decoys divert the Ransomware doings.
LVL 26

Accepted Solution

Thomas Zucker-Scharff earned 251 total points
ID: 41799012
Cylance insists they have a 100% stop rate. SentinelOne offers a 1million dollar guarantee.  Backups are still the best protection.
LVL 62

Expert Comment

ID: 41799188
You can also take a snapshot on the advice ( on the nomoreransom website by the consortium of security companies, there is no difference from the expert sharing here and clearly backup is the utmost critical item as part of the preventive action plan - plan for worst case scenario - even paying ransom does not warrant data can be recovered or the malware recurrence will not happen.

there is a list of decryptors ( that you may check out if the variant experience is identified - you an use IDransom ( for identification.

Author Comment

by:Joseph Salazar
ID: 41819947
Thanks everyone
LVL 62

Expert Comment

ID: 41825057
Looks like my answers has not been helpful. Thanks.

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now