New Ransomware "CryptoDefense"

Archive
1

http://betanews.com/2014/04/01/pay-up-or-well-let-you-go-flawed-ransomware-leaves-behind-its-key/

 

http://betanews.com/2014/04/03/cryptodefense-could-be-a-bigger-threat-than-cryptolocker/ (follow-up report)

2

If you use HitmanPro.Alert 2.6 you are protected.

 

http://www.wilderssecurity.com/showpost.php?p=2352528&postcount=1403

3

Hi, Krusty13.

 

Thanks for letting me know.

 

One of the articles (the first of the two links in my original post) states "Symantec says it has blocked over 11,000 CryptoDefense infections in more than 100 countries since its discovery, the majority in the US."  So I'm assuming having Norton alone is enough protection this time. :smileyhappy:

4

Hi Inquirer,

 

You might like to read this bleeping computer link  -  http://www.bleepingcomputer.com/forums/t/527937/cryptodefense-newest-cryptolocker-variant-details-inside/  -  It seems that there are some that are not happy with Symantec.

5

Hi, again, Krusty13.

 

At the bleepingcomputer webpage via the link that you provided, I see that some people are complaining about Symantec posting about this ransomware in a blog without showing people how to "do anything with it" (as one poster put it). See here.

 

But no one is saying that Norton products will fail to detect and remove CryptoDefense.  Or did I miss something? :smileyhappy:

6

From what I read, there was a weaknes in the infection, but since Symantec posted about it the ransomware has now been patched.

 

Please see this post for more information  -  http://www.bleepingcomputer.com/forums/t/527937/cryptodefense-newest-cryptolocker-variant-details-inside/?p=3331721

 

Maybe @Quads  will be able to offer a more informed point of view.

 

Dave

7

Actually, that's the very post I quoted from earlier.  So the patch they were referring to pertained to CryptoDefense itself?  I took it to mean that a virus definition was created so that AV software can use it to detect this ransomware. 

 

Well, even if CryptoDefense itself was patched, I would expect Symantec to modify its own defintions accordingly as would other AV software companies.  So for now, I think I'll just let Norton alone protect my computers. :smileyhappy:

8

As I don't know what was going on behind the scenes, I will not comment any more.

 

That said, it wouldn't hurt to check out HitmanPro.Alert  -  http://www.surfright.nl/en/cryptoguard

 

Edit : Although that link gives an option to download the Beta version, an updated version of the program has now been released publicly.  I know it is Norton Compatible as I have had the developer, Erik, remotely access my system.

 

Here is another link about the program in general. -  http://www.surfright.nl/en/alert

9

Thanks, Krusty13.

 

Is this program free?  Or is the download a trial version?

10

I am not giving any view here on this forum.

 

I know what has happened, what the changes are after the Symantec Blog posting and notified Symantec about the Blog mistake  (and now the blog posting has been modified), 

 

Quads

11
Inquirer wrote:

Thanks, Krusty13.

 

Is this program free?  Or is the download a trial version?

It is completely free.

 

The instructions say if you are notified that HMPA has blocked an encryption to download HitmanPro, but you can also update and scan with Norton or MBAM.

12

Okay.  Thanks, Krusty13.

 

One more thing.  You said that an updated version of the program has been released publicly.  I take that to mean that it supplants the Beta version.  How can I tell which link on that site lets you download the updated version?

Krusty13 wrote:

 

Edit : Although that link gives an option to download the Beta version, an updated version of the program has now been released publicly.  I know it is Norton Compatible as I have had the developer, Erik, remotely access my system.

 

13

Hi Inquirer,

 

It shouldn't matter as the beta version should update to the released version anyway, but to be sure you get the Norton compatible version you should download from http://www.surfright.nl/en/alert.  It is only a 1.8MB download.

 

Here's the GUI

 

HMPA.PNG

 

And the Settings.

 

HMPA Settings.PNG

 

You might notice I have changed the flyout setting to Once per logon session, but that's my personal preference.

 

Dave

14

Okay.  Thanks, again.

 

What's "flyout"?

15

This image is copied from the site I linked above, it's the green rectangle on the top right.  It only appears for a few seconds, then fades away.

 

 

Dave

16

I see.  Thanks. :smileyhappy:

 

I think I'll install HitmanPro on my dad's computer (Win 7) first.

17

The program I'm suggestion is HitmanPro.Alert.  HitmanPro is a different program.  :smileywink:

 

I recommend a reboot after installing, even though you aren't prompted to do so.

 

Cheers!

18

Got it! Thanks, again! :smileyhappy: