


CryptoLocker Malware: What you still need to know

 

What is CryptoLocker?

CryptoLocker is most often spread through booby-trapped email attachments and uses military-grade encryption. The malware can also be deployed by hacked and malicious websites that exploit outdated browser plugins.

 

Webroot's Threat Brief on CryptoLocker

 

Can Webroot Protect Customers Against It?

Not only will Webroot be able to stop CryptoLocker before it infects your machine, but if a new variant manages to get through, our technology will be able to roll back the damage done using advanced journaling. We are the ONLY company that can offer this kind of help. We will not be able to decrypt files hijacked by CryptoLocker on a system that was infected before Webroot was on the machine, and remediation will not be possible on a network drive that does not have Webroot SecureAnywhere installed on it.

 

"WSA currently doesn't reverse the changes on a network drive because of the risk with data loss if another user changed a file. The best scenario would be to install WSA everywhere, including the system hosting the network drive if possible. Even if gigabytes of data are encrypted, WSA will continue happily journaling it." - Joe Jaroch, Webroot VP of Engineering

 

 

Read more about CryptoLocker in these posts on the Webroot Community:

Additional Conversations About CryptoLocker
 
CryptoLocker malware targeting the UK - comment from Webroot 
 
NCA warns UK of mass CryptoLocker ransomware attacks - comment from Webroot


by Moderator Moderator on ‎11-21-2013 03:20 PM - edited on ‎12-03-2013 03:15 PM by Moderator Moderator
Comments
by Frequent Voice on ‎11-24-2013 04:36 AM
I do have one update I am trying to post everywhere possible: CryptoLocker has been putting EXEs and INFs onto any USB HDD, CDs, and flash drives (not SD cards so far), making it look as if those are not infected in any way and even hiding those. This is a danger that definitely needs to be taken care of, because once that media gets put into another computer it will download a different public key and use a different private key. This means it will make you pay double. I think Webroot needs to try and override Windows from scanning hardware before it does, as it will happen before Webroot catches it, and I'd rather not have to rely on the journaling only for protection in that instance.
by Community Guide GyozoK on ‎01-22-2014 04:33 PM

Imagine this scenario:

 

We have 2 machines: a Windows Server with Webroot running and a Windows client with Webroot running.

 

The client gets infected by CryptoLocker 2.0, which will then encrypt files that are on the shared folder of the Windows Server mapped as drive X: on the client.

 

As Joe Jaroch, Webroot VP of Engineering said above:

"WSA currently doesn't reverse the changes on a network drive because of the risk with data loss if another user changed a file. The best scenario would be to install WSA everywhere, including the system hosting the network drive if possible. Even if gigabytes of data are encrypted, WSA will continue happily journaling it." - Joe Jaroch, Webroot VP of Engineering

 

We know that CryptoLocker 2.0 is not going to infect the Windows Server machine, so CryptoLocker will stay running on the client only. But running on the client, it will encrypt files on the mapped drive.

 

So what is the meaning of installing Webroot on the Windows file server in this scenario? Will that be able to roll back encryption of the files changed by a CryptoLocker running on another machine?

 

Kind regards,
Gyozo

 

Webroot Ambassador & Community Guide

 

by Frequent Voice on ‎01-22-2014 04:41 PM
It would still have to run a service to encrypt it so I'd assume so.... But I honestly would not like to try
by Frequent Voice on ‎03-01-2014 10:22 AM

How does Webroot save from CryptoLocker malware?

by Silver VIP ‎03-01-2014 12:36 PM - edited ‎03-01-2014 12:46 PM

Watch the video I posted here: https://community.webroot.com/t5/Introduce-yourself-to-the/cloud-computing/m-p/85695#M2238. Also, they keep updating the client to protect generically: https://community.webroot.com/t5/Release-Notes/PC-Release-Notes-8-0-4-61/td-p/83417#.UxIy4oVnCSo

 

So you are well protected. There is one more video, but you would have to join BrightTalk to watch, and it's by Grayson Milbourne, Director, Security Intelligence, Webroot. Also: CryptoLocker: Your Money or Your Life

 

Cheers,

 

Daniel