Ransomware / CryptoLocker / Locky Virus
A type of malicious software designed to block access to a computer system until a sum of money is paid.
Locky, a new family of ransomware that emerged in the
last few weeks, has quickly made a mark for itself. Computer security companies
say it has become a commonly seen type of ransomware, which is used to hold a
computer’s files hostage pending a ransom payment.
“The idea that someone external to you can
encrypt all of your data and then you have no way to retrieve that data unless
you pay them I think is just absolutely terrifying.”
Trustwave's SpiderLabs said on Wednesday that 18 percent of 4 million spam messages it
collected in the last week were ransomware-related, including many linked to Locky.
Solution
Once your system is infected, the only way to decrypt your files is to pay the ransom,
but there is always the option of preventing this in advance.
Ransomware Prevention
- Install latest Windows Update on all systems
- Implement group policy for Office suites
  https://www.frankysweb.de/windows-fileserver-vor-ransomware-schuetzen-update/
  ** The above link is in German; translate it to English.
- Download and run the following one-time AV scanners:
  1) ESET one-time online scanner http://www.eset.com/us/online-scanner/
  2) Combofix one-time scanner http://www.bleepingcomputer.com/download/combofix/
  3) RogueKiller one-time scanner http://www.bleepingcomputer.com/download/rkill/
  ** Install MalwareBytes Anti Ransomware (not a one-time scanner, just install it. Do not consider this a replacement for AV software; it can be used only for “Ransomware” detection and prevention).
- Remove Local Admin rights
- Enable System Restore
- Deploy a Software Restriction Policy
- Configure SAN snapshots
- Increase backup retention period
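
A read-only audit of four of the checklist items above (Windows Update, local admin rights, System Restore, Software Restriction Policy), added here as an example and not part of the original post. The 30-day patch threshold and the pass/fail criteria are assumptions; it targets an elevated Windows PowerShell 5.1 session on a client OS.

```powershell
# Added example: read-only audit of four checklist items on one Windows host.
# Run in an elevated Windows PowerShell 5.1 session; nothing is modified.
$MaxPatchAgeDays = 30   # assumed threshold for "latest Windows Update"
$results = [System.Collections.Generic.List[object]]::new()
function Add-Result([string]$Check, [bool]$Pass, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
}

# "Install latest Windows Update": age of the newest hotfix that has an install date.
$lastFix = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn | Select-Object -Last 1
if ($lastFix) {
    $age = [int]((Get-Date) - $lastFix.InstalledOn).TotalDays
    Add-Result 'Windows Update' ($age -le $MaxPatchAgeDays) "$($lastFix.HotFixID) installed $age days ago"
} else { Add-Result 'Windows Update' $false 'no dated hotfix found' }

# "Remove Local Admin rights": members of BUILTIN\Administrators other than the
# built-in Administrator account (RID 500). Anything listed needs a review.
$extra = @(Get-LocalGroupMember -SID 'S-1-5-32-544' | Where-Object { $_.SID.Value -notmatch '-500$' })
Add-Result 'Local admin rights' ($extra.Count -eq 0) "extra members: $($extra.Name -join ', ')"

# "Enable System Restore": at least one restore point exists (client Windows only).
$rp = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
Add-Result 'System Restore' ($rp.Count -gt 0) "$($rp.Count) restore point(s) present"

# "Deploy a Software Restriction Policy": the machine policy key exists.
# DefaultLevel 0x0 = Disallowed, 0x40000 = Unrestricted.
$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
if (Test-Path $srpKey) {
    $level = (Get-ItemProperty -Path $srpKey -ErrorAction SilentlyContinue).DefaultLevel
    Add-Result 'Software Restriction Policy' $true ('policy present, DefaultLevel=0x{0:X}' -f $level)
} else { Add-Result 'Software Restriction Policy' $false 'no SRP machine policy found' }

$results | Format-Table -AutoSize -Wrap
```

On domain-joined machines the local admin check will normally list Domain Admins, so treat a failed row there as a prompt to review the membership.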
For further reading on CryptoLocker, please see