Solved

Ransomware Question

Posted on 2016-09-14
Last Modified: 2016-10-01
I have a client with AVG CloudCare installed, along with CryptoPrevent by FoolishIT.com.

This client still got infected and all files were encrypted...

What tools are being used out there for the removal of ransomware?

What software, or combo of tools, should I use to make sure my clients do not get infected?

Cjoego
Question by:Joseph Salazar
10 Comments
 
LVL 12

Assisted Solution

by:Gary Dewrell
Gary Dewrell earned 332 total points
ID: 41798644
Number 1 is to make sure you are doing backups!
The simple fact is that most ransomware infections are caused by users clicking on something they should not. It is a training issue.

I am not aware of any product that can prevent ransomware 100% of the time.

Some other preventative measures.

Don't run users as local administrators
Don't allow applications to run from the temp directories
Don't give users access to network shares they do not need.

I have even gone to the extreme step of blocking all zip attachments into my network.

Again the #1 most important step is reliable backups.
0
 
LVL 19

Expert Comment

by:*** Hopeleonie ***
ID: 41798646
There is no best tool. The only thing you need is a valid backup. That is the secret :-)
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 41798667
When someone comes up with a solution - FoolishIT or AVG Cloud Care or ANYONE ELSE, it may work great for everything it knows about - but crypto writers get the solution, figure out how to beat it, and release a new one that the old solutions won't stop.  The ONLY 100% way to be safe is with proper backups.
0
 
LVL 88

Assisted Solution

by:rindi
rindi earned 332 total points
ID: 41798688
Use application whitelisting. That way users can only run software that has been allowed in your environment. Anything else is blocked. Also disable macros in m$ Office (or don't use m$ Office) etc., as a large number of ransomware come as macros.
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 332 total points
ID: 41798692
You need to understand that Foolish IT uses blacklisting. Blacklisting is not an appropriate measure. Use AppLocker whitelisting, no chance for malware. Backups need to be done anyway, any day.
If you need advice on whitelisting, start by reading tutorials like https://technet.microsoft.com/en-us/library/ee791890(v=ws.11).aspx
Please note that AppLocker is an Enterprise edition feature, but the Pro editions can use Software Restriction Policies, which are almost the same.
0
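The difference between the two approaches in the answer above, as an added example that is not part of the original thread and not code from AppLocker or CryptoPrevent: a small Python model of default-allow (blacklist) versus default-deny (whitelist) path rules. The rule lists and launch paths are constructed for illustration, and real AppLocker policies also support publisher and hash rules.

```python
from fnmatch import fnmatchcase

# Constructed rule sets (illustrative only, not any product's shipped rules).
BLACKLIST_DENY = [
    r"c:\users\*\appdata\local\temp\*.exe",
    r"c:\users\*\appdata\roaming\*.exe",
]
WHITELIST_ALLOW = [r"c:\program files\*", r"c:\windows\*"]
WHITELIST_DENY = [r"c:\windows\temp\*"]  # an explicit deny overrides an allow


def _matches(path, patterns):
    """Case-insensitive wildcard match of a Windows path against rules."""
    lowered = path.lower()
    return any(fnmatchcase(lowered, pattern) for pattern in patterns)


def blacklist_decision(path):
    """Default-allow: block only what a deny rule already knows about."""
    return "block" if _matches(path, BLACKLIST_DENY) else "allow"


def whitelist_decision(path):
    """Default-deny: explicit deny first, then allow, else implicit block."""
    if _matches(path, WHITELIST_DENY):
        return "block"
    return "allow" if _matches(path, WHITELIST_ALLOW) else "block"


def compare(paths):
    """Return (path, blacklist verdict, whitelist verdict) for each launch."""
    return [(p, blacklist_decision(p), whitelist_decision(p)) for p in paths]


# Constructed launch attempts, not taken from a real incident.
SAMPLE_LAUNCHES = [
    r"C:\Program Files\Vendor\app.exe",
    r"C:\Users\alice\AppData\Local\Temp\setup.exe",
    r"C:\Users\alice\Downloads\invoice.exe",
    r"C:\Windows\Temp\update.exe",
]

if __name__ == "__main__":
    for row in compare(SAMPLE_LAUNCHES):
        print("%-48s blacklist=%-5s whitelist=%s" % row)
```

The blacklist only stops the one launch its rules anticipate; the whitelist blocks everything outside the approved locations without needing to know about it in advance.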
 
LVL 65

Expert Comment

by:btan
ID: 41798976
Try running HitmanPro.Alert to see if other exploits can be detected, as these are probably the carrier for the ransomware delivered to your machine. Do not run in an admin account for default daily usage, as this indirectly gives those pesky ransomware and exploits an easier exploitation attempt. CryptoPrevent should be fine, but I suspect the threat has gained privileges via an exploited authorised application and negated the protection. Check the USB drive too.

Consider augmenting the existing AV with Malwarebytes Anti-Ransomware or WinPatrol WinAntiRansom. There are also decoys (such as TrapX CryptoTrap) that can be set up to allow time to alert the user while the decoys divert the ransomware's doings.
0
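The decoy idea mentioned in the comment above, as an added example that is not part of the original thread and does not reproduce how TrapX CryptoTrap or any other product works: a Python sketch that plants decoy files, records a SHA-256 baseline, and reports any decoy that is later changed, renamed or removed. The file names, decoy content and function names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Constructed decoy names and content (hypothetical, for illustration).
DECOY_NAMES = ["000_accounts.docx", "000_payroll.xlsx", "zzz_archive.pdf"]
DECOY_BODY = b"decoy file - do not edit\n" * 64


def _sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def plant_decoys(directory):
    """Write the decoy files and return a baseline {path: sha256}."""
    os.makedirs(directory, exist_ok=True)
    baseline = {}
    for name in DECOY_NAMES:
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(DECOY_BODY)
        baseline[path] = _sha256(path)
    return baseline


def check_decoys(baseline):
    """Compare decoys with the baseline; return a list of (path, reason)."""
    alerts = []
    for path, digest in sorted(baseline.items()):
        if not os.path.exists(path):
            alerts.append((path, "missing_or_renamed"))
        elif _sha256(path) != digest:
            alerts.append((path, "content_changed"))
    return alerts


def unexpected_files(directory, baseline):
    """Names in the decoy directory that were never planted."""
    known = {os.path.basename(p) for p in baseline}
    return sorted(n for n in os.listdir(directory) if n not in known)


if __name__ == "__main__":
    folder = tempfile.mkdtemp(prefix="decoys_")
    baseline = plant_decoys(folder)
    print("clean check:", check_decoys(baseline))
    # Simulate tampering with one decoy, then re-check.
    with open(sorted(baseline)[0], "wb") as fh:
        fh.write(os.urandom(128))
    print("after change:", check_decoys(baseline))
```

Run `check_decoys` on a short schedule and treat any alert as a trigger to isolate the machine, since nothing legitimate should touch these files.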
 
LVL 30

Accepted Solution

by:
Thomas Zucker-Scharff earned 1004 total points
ID: 41799012
Cylance insists they have a 100% stop rate. SentinelOne offers a 1 million dollar guarantee. Backups are still the best protection.
0
 
LVL 65

Expert Comment

by:btan
ID: 41799188
You can also take a snapshot of the advice (https://www.nomoreransom.org/prevention-advice.html) on the nomoreransom website by the consortium of security companies. There is no difference from what the experts shared here, and clearly backup is the utmost critical item as part of the preventive action plan. Plan for the worst-case scenario: even paying the ransom does not warrant that data can be recovered or that the malware will not recur.

There is a list of decryptors (https://decrypter.emsisoft.com/) that you may check out if the variant experienced is identified; you can use IDransom (https://id-ransomware.malwarehunterteam.com/) for identification.
0
 

Author Comment

by:Joseph Salazar
ID: 41819947
Thanks everyone
0
 
LVL 65

Expert Comment

by:btan
ID: 41825057
Looks like my answers have not been helpful. Thanks.
0

Question has a verified solution.