As you’ve probably heard by now, there is a sinister ransomware infection that has been causing considerable havoc around the web for the past few months. This fine slice of digital evil is called CryptoLocker and it came onto the scene around September 2013.
Essentially, CryptoLocker encrypts important files such as photos, spreadsheets, and other documents by using a mix of RSA & AES encryption and keeps them locked from the user while initiating a countdown timer set for 96 hours, or 4 days. Once this encryption process is completed, the user has until the end of the countdown to pay a ransom of either $100 or $300 in the form of Moneypak vouchers or Bitcoins in order to retrieve the private key and decrypt the files. Researchers have concluded that there is no way to retrieve the decryption keys without paying the ransom, as the keys are unique for every computer and are stored on the attacker’s servers.1
Unfortunately, a new twist was added to the CryptoLocker situation at the beginning of this month. The developers of CryptoLocker have realized that they can take further advantage of the ransom situation as they’ve come to understand that people are still willing to pay even after the countdown expires. Now, as a victim, you can still purchase the private key for your files after expiration of the countdown, for a much steeper price. This ‘late’ purchase price is set at 10 Bitcoin, or approximately USD $3,000 at current exchange rates… (I suppose ‘steeper price’ might be a bit of an understatement). In order to allow people to gain access to the encrypted files after the time has expired, the CryptoLocker devs have created a ‘CryptoLocker Decryption Service’: “This service allows you to purchase private key and decrypter for files encrypted by CryptoLocker,” the site reads. “Customers” of the service can search for their “order number” simply by uploading any of the encrypted files.2 Although CryptoLocker is a seriously disastrous program, I believe many would agree that its been brilliantly engineered.
CryptoPrevent: Defense Against CryptoLocker
Alright. Now that you know a bit about CryptoLocker, have no fear! Our close friend and business partner, Nick Shaw from Foolish IT, has become a knight-in-shining-digital-armor, as he has taken the problems spawned by CryptoLocker into his own hands. Nick has been slaving away on an application for defending against CryptoLocker, which he has cleverly dubbed: CryptoPrevent. Sites in the industry from the likes of Podnutz to Bleeping Computer have been praising Nick’s efforts and we wanted to highlight his hard work here as well.
NOTE: MAKE SURE YOU DOWNLOAD OR UPGRADE TO THE NEWEST VERSION OF CRYPTOPREVENT!
CryptoPrevent is a tiny utility to lock down any Windows OS (XP, Vista, 7, 8, and 8.1) to prevent infection by the CryptoLocker malware or ‘ransomware’, which encrypts personal files and then offers decryption for a paid ransom.
CryptoPrevent artificially implants group policy objects into the registry in order to block certain executables in certain locations from running. The number of rules created by CryptoPrevent is somewhere between 150 and 200+ rules depending on the OS and options selected, not including whitelisting! Note that because the group policy objects are artificially created, they will not display in the Group Policy Editor on a Professional version of Windows — but rest assured they are still there! Executables now protected against (starting with v2.6) are *.exe *.com *.scr and *.pif, and these executables are blocked in the paths below…
To our knowledge, Nick’s CryptoPrevent is currently the best application available for defending against the CryptoLocker ransomware. Its definitely worth checking out. Great work Nick!
CryptoPrevent as a Custom App in TechWARU
At RepairTech, we’ve recently added the functionality for adding custom applications to TechWARU, and to ensure that you can help your customers, family, and friends defend themselves against CryptoLocker, here is a guide for adding CryptoPrevent to TechWARU as a custom app. Check it out here:
The ability to add custom applications in TechWARU is one of our favorite new features. If you find that TechWARU is lacking a must-have app, now you can simply add it yourself and have it ready for use in minutes! If you don’t have TechWARU yet, make sure you sign up for a free 30-day trial and see how it can revolutionize the way you do computer repair.
Check out a 30-day free trial of TechWARU here: TechWARU
Thanks for reading! Remember, the Golden State Warriors have great defense. You should too.