Solved

Ransomware Question

Posted on 2016-09-14
10
191 Views
Last Modified: 2016-10-01
I have a client with AVG CloudCare installed, with CryptoPrevent by FoolishIT.com installed.

This client still got infected and all files encrypted...

What tools are being used out there for the removal of ransomware?

What software should I use, or combo of tools, to make sure my clients do not get infected?

Cjoego
Question by:Joseph Salazar
10 Comments
 
LVL 12

Assisted Solution

by:Gary Dewrell
Gary Dewrell earned 83 total points
ID: 41798644
Number 1 is to make sure you are doing backups!
The simple fact is that most ransomware infections are caused by users clicking on something they should not. It is a training issue.

I am not aware of any product that can prevent ransomware 100% of the time.

Some other preventative measures:

Don't run users as local administrators
Don't allow applications to run from the temp directories
Don't give users access to network shares they do not need.

I have even gone to the extreme step of blocking all zip attachments into my network.

Again the #1 most important step is reliable backups.
LVL 19

Expert Comment

by:*** Hopeleonie ***
ID: 41798646
There is no best tool. The only thing you need is a valid backup. That is the secret :-)
LVL 96

Expert Comment

by:Lee W, MVP
ID: 41798667
When someone comes up with a solution - FoolishIT or AVG Cloud Care or ANYONE ELSE, it may work great for everything it knows about - but crypto writers get the solution, figure out how to beat it, and release a new one that the old solutions won't stop.  The ONLY 100% way to be safe is with proper backups.
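Gary Dewrell, Hopeleonie and Lee W all put reliable backups first. As an added example, not code from any of the commenters, here is a PowerShell backup script for a file server that keeps a new dated copy on every run on a target the users' workstations never mount, verifies the copy by SHA-256, and refuses to prune older versions when the source looks mass-encrypted. The paths, the 50-file sample size and the 30-day retention are assumptions chosen for the example.

```powershell
# Added example: versioned backup with integrity check and a mass-change guard.
# All paths below are placeholders for this example.
param(
    [string]$Source     = 'D:\Shares\Clients',   # data to protect
    [string]$BackupRoot = '\\backup-nas\vault',   # only the backup account can write here
    [int]$KeepDays      = 30,                     # daily versions to retain
    [int]$SampleSize    = 50                      # files hash-checked per run
)

$stamp = Get-Date -Format 'yyyy-MM-dd_HHmm'
$dest  = Join-Path $BackupRoot $stamp
$log   = Join-Path $env:TEMP "backup_$stamp.log"

# Previous version, used as the reference for the mass-change check below.
$previous = Get-ChildItem $BackupRoot -Directory |
    Where-Object Name -match '^\d{4}-\d{2}-\d{2}_\d{4}$' |
    Sort-Object Name | Select-Object -Last 1

# 1. Copy into a NEW dated folder each run, so an encrypted source can never
#    overwrite an older good copy. robocopy exit codes 0-7 are success, 8+ failure.
robocopy $Source $dest /E /COPY:DAT /R:1 /W:1 /XJ /NP /LOG:$log | Out-Null
if ($LASTEXITCODE -ge 8) { throw "robocopy failed (exit $LASTEXITCODE), see $log" }

# 2. Verify a random sample of files by SHA-256 against the fresh copy.
$sample  = Get-ChildItem $Source -Recurse -File | Get-Random -Count $SampleSize
$badCopy = @(); $changed = 0
foreach ($f in $sample) {
    $rel     = $f.FullName.Substring($Source.Length).TrimStart('\')
    $srcHash = (Get-FileHash $f.FullName -Algorithm SHA256).Hash
    $copy    = Join-Path $dest $rel
    if (-not (Test-Path $copy) -or (Get-FileHash $copy -Algorithm SHA256).Hash -ne $srcHash) {
        $badCopy += $rel
    }
    # 3. Mass-change guard: count sampled files whose content differs from the
    #    previous backup. Ransomware rewrites nearly everything at once;
    #    normal daily work does not.
    if ($previous) {
        $old = Join-Path $previous.FullName $rel
        if ((Test-Path $old) -and (Get-FileHash $old -Algorithm SHA256).Hash -ne $srcHash) { $changed++ }
    }
}
if ($badCopy) { throw "Copy verification failed for: $($badCopy -join ', ')" }

$suspicious = $previous -and $sample.Count -gt 0 -and ($changed / $sample.Count) -gt 0.5
if ($suspicious) {
    Write-Warning "$changed of $($sample.Count) sampled files changed since $($previous.Name); the source may be encrypted. Retention pruning skipped, investigate before the next run."
} else {
    # 4. Retention: prune dated folders older than $KeepDays, never the one just written.
    Get-ChildItem $BackupRoot -Directory |
        Where-Object { $_.Name -match '^\d{4}-\d{2}-\d{2}_\d{4}$' -and
                       $_.FullName -ne $dest -and
                       $_.LastWriteTime -lt (Get-Date).AddDays(-$KeepDays) } |
        Remove-Item -Recurse -Force
}
"Backup $stamp written to $dest; $($sample.Count) files verified."
```

Run it from a scheduled task under a dedicated backup account that is the only principal with write access to the vault share; the workstation users that click on things should have no path to it at all. A full copy per run is the simplest version of "a copy the malware cannot reach"; a real deployment would swap the robocopy line for an incremental copy from a VSS snapshot, but the two checks (verify the copy, refuse to rotate when most files changed) are the part that matters after an infection like the one in the question.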
LVL 88

Assisted Solution

by:rindi
rindi earned 83 total points
ID: 41798688
Use application whitelisting. That way users can only run software that has been allowed in your environment; anything else is blocked. Also disable macros in m$ Office (or don't use m$ Office) etc., as a large number of ransomware infections come via macros.
LVL 55

Assisted Solution

by:McKnife
McKnife earned 83 total points
ID: 41798692
You need to understand that FoolishIT uses blacklisting. Blacklisting is not an appropriate measure. Use AppLocker whitelisting: no chance for malware. Backups need to be done anyway, any day.
If you need advice on whitelisting, start by reading tutorials like https://technet.microsoft.com/en-us/library/ee791890(v=ws.11).aspx
Please note that AppLocker is an Enterprise edition feature, but the Pro editions can use Software Restriction Policies, which are almost the same.
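rindi and McKnife both recommend application whitelisting. As an added example, not code from either of them or from Microsoft's tutorial, here is a PowerShell script that builds a small AppLocker path-whitelist policy, dry-runs it with Test-AppLockerPolicy against a Windows binary and a binary dropped into %TEMP%, and applies it locally in audit mode. The three rules, the excluded user-writable folders, the temp-file test and the AppIDSvc handling are my assumptions about a reasonable starting policy, not a complete one.

```powershell
# Added example: minimal AppLocker whitelist (Exe + Script), tested, then
# applied locally in audit mode. Run elevated on an edition that has AppLocker.
$policyPath = Join-Path $env:TEMP 'applocker-whitelist.xml'

# SIDs: S-1-1-0 = Everyone, S-1-5-32-544 = BUILTIN\Administrators.
# Rule Ids are fresh GUIDs; AppLocker only needs them to be unique.
function New-PathRule([string]$Name, [string]$Path, [string]$Sid, [string[]]$Except = @()) {
    $exceptions = ''
    if ($Except.Count -gt 0) {
        $conds = ($Except | ForEach-Object { "<FilePathCondition Path=`"$_`" />" }) -join ''
        $exceptions = "<Exceptions>$conds</Exceptions>"
    }
@"
    <FilePathRule Id="$(New-Guid)" Name="$Name" Description="" UserOrGroupSid="$Sid" Action="Allow">
      <Conditions><FilePathCondition Path="$Path" /></Conditions>$exceptions
    </FilePathRule>
"@
}

# Folders under %WINDIR% where standard users can write (assumed list); excluding
# them keeps the "Allow Windows" rule from covering files a user dropped there.
$userWritable = '%WINDIR%\Temp\*', '%WINDIR%\Tasks\*', '%WINDIR%\Tracing\*'

# Allow rules only: whatever matches none of them is denied by default.
function New-RuleSet {
    (New-PathRule 'Allow Program Files'         '%PROGRAMFILES%\*' 'S-1-1-0') +
    (New-PathRule 'Allow Windows'               '%WINDIR%\*'       'S-1-1-0' $userWritable) +
    (New-PathRule 'Administrators run anything' '*'                'S-1-5-32-544')
}

# AuditOnly logs would-be blocks to the Microsoft-Windows-AppLocker event log
# without blocking; change to "Enabled" once the log has been clean for a while.
$xml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
$(New-RuleSet)
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="AuditOnly">
$(New-RuleSet)
  </RuleCollection>
</AppLockerPolicy>
"@
$xml | Set-Content -Path $policyPath -Encoding UTF8

# Dry run before applying: a copy of notepad.exe placed in the user's temp
# folder (made only for this check) should be denied, the real one allowed.
$dropped = Join-Path $env:TEMP 'dropped-sample.exe'
Copy-Item "$env:WINDIR\System32\notepad.exe" $dropped -Force
Test-AppLockerPolicy -XmlPolicy $policyPath -Path "$env:WINDIR\System32\notepad.exe", $dropped -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
Remove-Item $dropped -Force

# Apply to the local policy (a domain would push the same XML through a GPO).
# The Application Identity service must run for AppLocker to evaluate anything;
# sc.exe is used because Set-Service cannot reconfigure this protected service
# on recent Windows 10 builds.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
Get-AppLockerPolicy -Effective -Xml | Set-Content (Join-Path $env:TEMP 'applocker-effective.xml')
```

Audit mode is the caveat that matters: run with it for a few weeks, add publisher or hash rules for the line-of-business software that shows up in the AppLocker log, and only then switch the two collections to Enabled. Gary Dewrell's "don't allow applications to run from the temp directories" falls out of this automatically, because %TEMP% and the user profile match no allow rule. On Pro editions the same three path rules can be expressed as Software Restriction Policies, as McKnife notes.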
LVL 64

Expert Comment

by:btan
ID: 41798976
Try running HitmanPro.Alert to see if other exploits can be detected, as these are probably the carrier that delivered the ransomware to your machine. Do not run an admin account for default daily usage, as this indirectly makes exploitation attempts easier for those pesky ransomware and exploits. CryptoPrevent should be fine, but I suspect the threat gained privileges via an exploited authorised application and negated the protection. Check the USB drive too.

Consider augmenting the existing AV with Malwarebytes Anti-Ransomware or WinPatrol WinAntiRansom. There are also decoys (such as TrapX CryptoTrap) that can be set up to allow time to alert the user while the decoys divert the ransomware's doings.
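btan's decoy suggestion can be built without a commercial product. As an added example, not code from btan or from TrapX, here is a PowerShell watcher for a file server: it plants a few decoy files in a folder that sorts first on a share, hashes them, and when a decoy is rewritten, renamed or deleted it writes an Application-log event and, on a Windows file server, names the SMB client and user holding files open in that folder. The folder, file names and event source are placeholders I chose for the example.

```powershell
# Added example: decoy files on a share plus a watcher that logs an event and
# names the SMB client when a decoy is rewritten, renamed or deleted.
# Folder, file names and event source are placeholders for this example.
$decoyDir = 'D:\Shares\Clients\!00_Archive'   # "!" sorts first, so bulk encryptors reach it early
$source   = 'RansomwareDecoy'                 # custom Application-log event source

# 1. Plant decoys once, with non-empty content so they look worth encrypting.
New-Item -ItemType Directory -Path $decoyDir -Force | Out-Null
$decoys = 'Invoices_2015.xlsx', 'Contracts_draft.docx', 'Budget.pdf' |
    ForEach-Object { Join-Path $decoyDir $_ }
foreach ($d in $decoys) {
    if (-not (Test-Path $d)) { Set-Content -Path $d -Value ('x' * 4096) -NoNewline }
}
# Baseline hashes let the handler distinguish a rewrite from a harmless touch.
$baseline = @{}
foreach ($d in $decoys) { $baseline[$d] = (Get-FileHash $d -Algorithm SHA256).Hash }

# The event-log source must exist before Write-EventLog (needs admin once).
if (-not [System.Diagnostics.EventLog]::SourceExists($source)) {
    New-EventLog -LogName Application -Source $source
}

# 2. Watch the decoy folder.
$watcher = New-Object System.IO.FileSystemWatcher $decoyDir
$watcher.IncludeSubdirectories = $false
$watcher.EnableRaisingEvents   = $true

$action = {
    $e    = $Event.SourceEventArgs
    $path = $e.FullPath
    $kind = [string]$e.ChangeType
    $data = $Event.MessageData

    # A "Changed" whose content still matches the baseline is not an attack.
    if ($kind -eq 'Changed' -and (Test-Path $path) -and
        (Get-FileHash $path -Algorithm SHA256).Hash -eq $data.baseline[$path]) { return }

    $was = if ($kind -eq 'Renamed') { " (was $($e.OldFullPath))" } else { '' }

    # Best effort on a Windows file server: which client/user holds files open here?
    $who = try {
        (Get-SmbOpenFile -ErrorAction Stop |
            Where-Object Path -like "$($data.dir)*" |
            ForEach-Object { "$($_.ClientUserName)@$($_.ClientComputerName)" } |
            Select-Object -Unique) -join ', '
    } catch { 'unknown' }
    if (-not $who) { $who = 'none open' }

    $msg = "Decoy $($kind): $path$was. Open by: $who. Possible ransomware on a client; isolate it and check the backups."
    Write-EventLog -LogName Application -Source $data.source -EventId 9001 -EntryType Error -Message $msg
    Write-Host "[$(Get-Date -Format s)] $msg"
}

$data = @{ baseline = $baseline; dir = $decoyDir; source = $source }
foreach ($name in 'Changed', 'Renamed', 'Deleted') {
    Register-ObjectEvent -InputObject $watcher -EventName $name -Action $action -MessageData $data | Out-Null
}
"Watching $decoyDir for decoy tampering; Ctrl+C to stop."
while ($true) { Wait-Event -Timeout 5 | Out-Null }
```

Run it as a scheduled task on the file server and forward event 9001 to whatever already pages the on-call person. Once the alert has proven reliable, the natural escalation is to close the offending SMB session (Close-SmbSession) from the handler, which is the "buy time" part btan describes; start with alerting only, because a false positive that disconnects a legitimate user is its own outage.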
LVL 28

Accepted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 251 total points
ID: 41799012
Cylance insists they have a 100% stop rate. SentinelOne offers a 1 million dollar guarantee. Backups are still the best protection.
LVL 64

Expert Comment

by:btan
ID: 41799188
You can also take a snapshot of the advice (https://www.nomoreransom.org/prevention-advice.html) on the nomoreransom website by the consortium of security companies. There is no difference from the expert sharing here, and clearly backup is the most critical item as part of the preventive action plan: plan for the worst-case scenario, as even paying the ransom does not warrant that data can be recovered or that the malware will not recur.

There is a list of decryptors (https://decrypter.emsisoft.com/) that you may check out if the variant experienced is identified; you can use ID Ransomware (https://id-ransomware.malwarehunterteam.com/) for identification.
Author Comment

by:Joseph Salazar
ID: 41819947
Thanks everyone
LVL 64

Expert Comment

by:btan
ID: 41825057
Looks like my answers have not been helpful. Thanks.