Cryptowall

We are using SCCM with Forefront to protect our computers. Does Microsoft have a fix or defense for this yet?

Will this stop crypto?

http://searchsecurity.techtarget.com/definition/Microsoft-Enhanced-Mitigation-Experience-Toolkit-EMET

February 6th, 2015 11:06am

Microsoft security products identify this under the "Crowti" threat family:

http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fCrowti

"Microsoft security software detects and removes this threat." (Of course, this depends on the definitions being updated with the latest malware traces.)

The only possible "fix" I've seen to decrypt files encrypted by this malware is this

http://blogs.technet.com/b/mmpc/archive/2014/08/12/fireeye-and-fox-it-tool-can-help-recover-crilock-encrypted-files.aspx

but newer versions of the malware are likely to be using different encryption keys.

Here's some more info on Crowti/Cryptowall 3.0. You might want to consider enabling MAPS in endpoint protection if you aren't already using it.

http://blogs.technet.com/b/mmpc/archive/2015/01/13/crowti-update-cryptowall-3-0.aspx

And yes, EMET is a good option for increasing endpoint security and would decrease the risk of systems getting infected in the first place.

February 6th, 2015 12:00pm

We have systems affected that are Windows and Forefront up-to-date.

It doesn't look like FEP is catching them.

February 6th, 2015 12:49pm

We have systems affected that are Windows and Forefront up-to-date.

It doesn't look like FEP is catching them.

It shouldn't be like that. If you have samples of this malware that aren't detected by FEP, then submit them to:

https://www.microsoft.com/security/portal/submission/submit.aspx

February 6th, 2015 3:32pm
