Ransome Ware Question

I have a client with AVG Cloudcare installed with the Crypto Prevent Installed by FoolishIT.com

This client Still got Infected and all files Encrypted...

What Tools are being used out there for the removal of Ransome Ware???

What Software should I use or combo of tools to make sure my clients do not get infected....

Joseph SalazarVice President - Senior IT ConsultantAsked:
Who is Participating?
Thomas Zucker-ScharffConnect With a Mentor Systems AnalystCommented:
Cylance insists they have a 100% stop rate. SentinelOne offers a 1million dollar guarantee.  Backups are still the best protection.
Gary DewrellConnect With a Mentor Senior Network AdministratorCommented:
Number 1 is to make sure you are doing backups!
The simple fact is that most ransomware infections are caused by users clicking on something they should not. It is a training issue.

I am not aware of any product that can prevent ransomeware 100% of the time.

Some other preventative measures.

Don't run users as local administrators
Don't allow applications to run from the temp directories
Don't give users access to network shares they do not need.

I have even gone to the extreme step of blocking all zip attachments into my network.

Again the #1 most important step is reliable backups.
*** Hopeleonie ***IT ManagerCommented:
There is no best tool. The only thing you need is a valid backup. That is the secret :-)
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Lee W, MVPTechnology and Business Process AdvisorCommented:
When someone comes up with a solution - FoolishIT or AVG Cloud Care or ANYONE ELSE, it may work great for everything it knows about - but crypto writers get the solution, figure out how to beat it, and release a new one that the old solutions won't stop.  The ONLY 100% way to be safe is with proper backups.
rindiConnect With a Mentor Commented:
Use application whitelisting. That way users can only run software that has been allowed in your environment. Anything else is blocked. Also disable macros in m$ Office (or don't use m$ Office) etc., as a large number of ransomware come as macros.
McKnifeConnect With a Mentor Commented:
You need to understand that foolish IT uses blacklisting. Blacklisting is no appropriate measure. Use applocker whitelisting, no chance for malware. Backups need to be done, anyway, any day.
If you need advice on whitelisting, start by reading tutorials like https://technet.microsoft.com/en-us/library/ee791890(v=ws.11).aspx
Please note that Applocker is an enterprise edition feature but the pro editions can use software restriction policies which are almost the same.
btanExec ConsultantCommented:
Try running hitman.pro alert to see if other exploit can be detected as probably these are the carrier to ransomware delivered to your machine. Do not run in admin account  as default daily usage as this indirectly give those pesky Ransomware and exploits an easier exploitation attempts. Cryptoprevent should be fine but I suspect the threat has gain privileges via exploited authorised appl and negate the protection. Check the USB drive too.

Consider augmenting existing AV with Malwarebytes Anti-ransomware or Winpatrol Winantiransom. There is also decoy (such as TrapX CryptoTrap) that can be setup to allow time to alert user while the decoys divert the Ransomware doings.
btanExec ConsultantCommented:
You can also take a snapshot on the advice (https://www.nomoreransom.org/prevention-advice.html) on the nomoreransom website by the consortium of security companies, there is no difference from the expert sharing here and clearly backup is the utmost critical item as part of the preventive action plan - plan for worst case scenario - even paying ransom does not warrant data can be recovered or the malware recurrence will not happen.

there is a list of decryptors (https://decrypter.emsisoft.com/) that you may check out if the variant experience is identified - you an use IDransom (https://id-ransomware.malwarehunterteam.com/) for identification.
Joseph SalazarVice President - Senior IT ConsultantAuthor Commented:
Thanks everyone
btanExec ConsultantCommented:
Looks like my answers has not been helpful. Thanks.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.