Directly targeting your users with a view to withdraw large sums of money, one of the most dangerous forms of malware, ransomware site presents major challenges for manufacturers antivirus, Forced to resort to aggressive methodological procedures to ensure that users are not affected. Unfortunately, no matter how good the antivirus program used, the recovery of all files compromised ago infection ransomware is not guaranteed, prevention is the only way of maintaining truly effective protection.
A type of malware able to remove collection of photos and documents in the device memory, leaving encrypted versions that can be opened only with a key access ransomware is the digital version of robbery with hostages.
If the first form of ransomware resorted to relatively rudimentary methods, encrypting files using encryption keys unique users, relatively easy to recover for antivirus manufacturers, which provided for disinfecting tools, able to recover files that are locked in an integrated way, the same can not be said more sophisticated versions (ex. Cryptowall) That generates unique encryption keys for each device infected, they send forth a collection server in the possession of the attackers. In most cases, the files encrypted in this way can not be recovered, the injury is considerably affected users and companies.
Relatively new, Trojan.DownLoad3.35539 (Variant CTB-Locker) Is spread through email, as an attachment in ZIP archiveContaining a file SCR extension. If the file is opened, the program extracts infected hard disk an RTF document which it displays on the display. Meanwhile, in the background, the encryption program is downloaded from a server under the control of the attackers. Once decompressed and activated, it scans storage devices for the user's personal documents, which they seize, replacing the original with encrypted versions. After the mission has been completed, the user is notified by a message that he must pay for the redemption of personal data.
How Cryptowall prevent infection and other similar forms of ransomware?
Taking your experts BitDefender, Regular users and system administrators can reduce the risk of infection, and damage caused by this, considering some basic rules:
- Uses a constantly updated computer security solution capable of active scanning.
- Schedule back-up files to one or more external hard drives do not remain permanently connected to the PC or the local network or using service cloud storage.
- Avoid visiting unknown websites, links or not access files included as an attachment to email messages with uncertain origin and not to provide personal information public chats or forums. Sometimes it is possible that messages with infected attachments to be received including known addresses, if the PC at the other end has been compromised, or abusive email address have been added to the Sender field.
- Implement / lock activates a creative solution, and Antispam.
- Use a web browser with support for virtualizares or completely disable support for playback of content Flash.
- Employers should train their employees in terms of social engineering attempts to identify and PhishingUsing email messages.
Also, system administrators must strengthen group policies to block execution of virus specific locations. This may be achieved by Windows Professional or Windows Server Edition. option Software Restriction Policies can be found in the editor Local Security Policy. After accessing button New Software Restriction Policies from under Additional RulesWill be used next Path Rules with “Dissallowed” security level:
- "% Username% AppData \\ \\ \\ Roaming *. Exe"
- "% AppData% \ Microsoft \Windows\ Start Menu \ Programs \ Startup \\. * Exe ”
- C: \\ \\ * .exe
- "% Temp% \\ *. Exe"
- "% Userprofile% \\ Start Menu \\ Programs \\ Startup \\ *. Exe ”
- "% Userprofile% \\ *. Exe "
- "% Username% AppData \\ \\ *. Exe"
- "% Username% \\ AppData \\ Local \\ *. Exe"
- “% Username% \\ Application Data \\ *. Exe”
- “% Username% \\ Application Data \\ Microsoft \\ *. Exe”
- "% Username% \\ Local Settings\\ Application Data \\ * .exe ”
Using these mechanisms should limit or block CryptowallBut for more protection, Bitdefender proposes Cryptowall Immunizer. Acting as additional protective mechanism, which works in parallel with antivirus permanently activated, the tool allows users to immunize computers and block any attempt file encryptionBefore it takes place.