CryptoLocker is the latest ransomware threat to make the news. Like most other ransomware, CryptoLocker encrypts your files and documents and then demands that you send $500 through Bitcoin or MoneyPak. Once the crooks receive the ransom, they decrypt your files. Since the files are encrypted using a strong RSA 2048-bit cipher, it is impossible to decrypt or recover the files without paying the ransom. The only hedge against CryptoLocker malware is to prevent infection in the first place. In addition to using a good antivirus with updated definitions, you can use the CryptoPrevent program to boost your system’s defenses.
The CryptoPrevent program uses Group Policy to lock down your Windows system against the techniques that the CryptoLocker malware uses to infect it. CryptoPrevent creates over 200 different group policy rules that prevent any malware akin to CryptoLocker from being executed on your computer.
You can get CryptoPrevent from the FoolishIT website. When you run this program on your Windows PC, it shows you different options that you can use to prevent CryptoLocker infections.
The first and second options let you lock down the application data folders and the recycle bin folder so that no program can be run from them. The third option blocks files with multiple extensions, which can be used to disguise malware as a harmless text or image file. The fourth option prevents programs from running after they have been temporarily extracted from archives.
The fifth option allows already existing programs to be run from these blocked folders (this lets you run programs like Chrome). You can choose one or more of these options (it is suggested that you select all), and then click on the Apply button to apply these rules in the form of group policies.
Once these rules have been applied, you are required to reboot your PC so that the rules can actually take effect. Now you can launch CryptoPrevent once again and click on the Test button to see whether all the rules are working properly. The message “Prevention successfully applied” indicates that your system is now locked down against CryptoLocker and malware similar in nature to CryptoLocker.
If in the future you install a new legitimate program that needs to run from one of the blocked folders (for example, the %appdata% folder), you can easily add that program to the whitelist. Click on Whitelist → Whitelist Editor in the menubar and add the new program to the whitelist.
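To show how the blocking options and the whitelist interact, here is an added example that models them in Python; it is not CryptoPrevent's code and is not part of the original article. The patterns, extension lists, function names and sample paths are constructed assumptions, not the program's actual rule set.

```python
import re
from pathlib import PureWindowsPath

# Constructed, simplified stand-ins for the blocking options described above.
# They are assumptions for illustration, NOT CryptoPrevent's real rule list.
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".png", ".txt", ".zip"}

# (rule name, regex applied to the lower-cased, backslash-normalised path)
BLOCK_RULES = [
    # Executables directly in, or one folder below, the app data folders.
    ("appdata", re.compile(r"\\appdata\\(roaming|local)\\([^\\]+\\)?[^\\]+$")),
    # Anything launched from inside the recycle bin.
    ("recycle-bin", re.compile(r"^[a-z]:\\\$recycle\.bin\\")),
    # Temp folders that archive tools extract into before running a file.
    ("archive-temp",
     re.compile(r"\\appdata\\local\\temp\\(rar\$|7z|wz|[^\\]*\.zip)")),
]

def evaluate(path, whitelist=()):
    """Return (allowed, reason) for one candidate program path."""
    p = PureWindowsPath(path)
    norm = str(p).lower()
    suffixes = [s.lower() for s in p.suffixes]
    if not suffixes or suffixes[-1] not in EXEC_EXT:
        return True, "not-executable"
    # Whitelist entries are exact paths and take precedence over block rules.
    if norm in {str(PureWindowsPath(w)).lower() for w in whitelist}:
        return True, "whitelisted"
    # "invoice.pdf.exe": a decoy document extension before the real one.
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXT:
        return False, "double-extension"
    for name, rx in BLOCK_RULES:
        if rx.search(norm):
            return False, name
    return True, "no-rule-matched"

# Constructed sample paths (user name and file names are made up).
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Roaming\updater.exe",
    r"C:\Users\alice\AppData\Roaming\LegitApp\legitapp.exe",
    r"C:\Users\alice\Downloads\invoice.pdf.exe",
    r"C:\$Recycle.Bin\S-1-5-21-1111\$R1A2B3C.exe",
    r"C:\Users\alice\AppData\Local\Temp\Rar$EXa0.123\invoice.exe",
    r"C:\Program Files\App\app.exe",
]

if __name__ == "__main__":
    wl = [r"C:\Users\alice\AppData\Roaming\LegitApp\legitapp.exe"]
    for path in SAMPLE_PATHS:
        print(evaluate(path, wl), path)
```

Running the same paths with and without the whitelist shows which legitimate programs would stop working after a lockdown unless they are added to the Whitelist Editor first.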
After you have secured your Windows PC against such ransomware threats, it will keep such malware from being run on your system. But how would you know that some malicious program tried to infect your system? CryptoPrevent has an event viewer feature that can be accessed from the menubar by selecting Event Log → Blocked Events; it shows all the events in which a program was blocked by CryptoPrevent's group policy rules.
Conclusion: The best defense against ransomware like CryptoLocker is to prevent it from infecting your PC in the first place. The free CryptoPrevent program sets up group policy rules in Windows to secure you against possible ransomware infections.
You can download CryptoPrevent from http://www.foolishit.com/vb6-projects/cryptoprevent/.