............ Have a nice day............

Saturday, 31 May 2014

CryptoLocker Tripwire: Free Cryptolocker Prevention Tool

The Cryptolocker Ransomware has been morphing into more dangerous forms and even started targeting other operating systems like Android. While those affected are always looking out for ways to get rid of or remove Cryptolocker ransomware, the old proverb still stands – Prevention is better than cure!
We have earlier seen how you can block or prevent Cryptolocker ransomware attacks using CryptoPrevent, Cryptolocker Prevention Kit and HitmanPro.Alert – and by following some steps to take to stay protected & secure, by preventing Ransomware from getting onto your Windows computer.
Via this post, we would like to inform you about another Cryptolocker Prevention Tool called CryptoLocker Tripwire.

Cryptolocker Prevention Tool

image

The author of this tool follows a different approach. Seeing all the reports of various forms of the CryptoLocker ransomware, made him think of a different way to protect file servers. Every time a new virus definition is released or a new software group policy restriction placed on a Windows system, Cryptolocker finds a way to circumvent it.
The recent variants of CryptoLocker go a step further and even purge the Windows Shadow Copy stores. This makes it even more difficult for System and IT administrators to recover and restore files and data.
CryptoLocker Tripwire runs on the file server.  After loading your data share folders, the free tool will copy a witness file that you choose, to a hidden subfolder in each of the folders you have selected.  The Hidden folder is prefaced with ########, so that the folder is placed right at the top of the list. The Witness file is copied within this folder and also named ########.  Now, the tool will start a file system watcher for the Witness folder, and once there is a modification of the witness file the following things can be triggered, depending on the options you select:
  1. The Server service is shut down and disabled
  2. The Volume Shadow Copy service is shut down and disabled
  3. The Server is shut down
  4. An email alert is sent via SMTP.
The author says:
I’ve tested this thoroughly within a private test network.  Although CryptoLocker managed to get past the initial witness file, it didn’t get far before the server stopped and disabled both services and shut down. But since the VSS service was stopped I was able to easily restore the files it touched after the witness file via shadow copy restore.

CryptoLocker Tripwire free download

You can read more about CryptoLocker Tripwire at its home page. It is a portable tool that does not require to be installed. Use this freeware at your own discretion, as the author does not offer any warranties or guarantees with it.

No comments:

Post a Comment