Cryptowall

We are using SCCM with Forefront to protect our computers. Does Microsoft have a fix or defense for this yet?

Will this stop crypto?

http://searchsecurity.techtarget.com/definition/Microsoft-Enhanced-Mitigation-Experience-Toolkit-EMET

  • Edited by jamicon Friday, February 06, 2015 4:39 PM
February 6th, 2015 7:02pm

Microsoft security products identify this under the "Crowti" threat family:

http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fCrowti

"Microsoft security software detects and removes this threat." (Of course, this depends on the definitions being updated with the latest malware traces.)

The only possible "fix" I've seen to decrypt files encrypted by this malware is this

http://blogs.technet.com/b/mmpc/archive/2014/08/12/fireeye-and-fox-it-tool-can-help-recover-crilock-encrypted-files.aspx

but newer versions of the malware are likely to be using different encryption keys.

Here's some more info on Crowti/Cryptowall 3.0. You might want to consider enabling MAPS in endpoint protection if you aren't already using it.

http://blogs.technet.com/b/mmpc/archive/2015/01/13/crowti-update-cryptowall-3-0.aspx


And yes, EMET is a good option for increasing endpoint security and would decrease the risk of systems getting infected in the first place.


  • Edited by KevinMJohnston Friday, February 06, 2015 5:04 PM
  • Marked as answer by jamicon Friday, February 06, 2015 5:45 PM
February 6th, 2015 7:56pm
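The answer above hinges on two things the admin can actually verify on an endpoint: whether definitions are current and whether MAPS is turned on. The following PowerShell audit is an added example, not code from the thread or from Microsoft; it assumes FEP/SCEP keeps its state under the `HKLM\SOFTWARE\Microsoft\Microsoft Antimalware` registry key with the `Signature Updates` and `SpyNet` subkeys and value names shown, and the 24-hour staleness threshold is a constructed choice.

```powershell
# Added example (not from the thread): audit one FEP/SCEP endpoint for
# stale definitions and MAPS membership, the two points raised above.
# Assumption: the engine stores its state under "Microsoft Antimalware";
# verify the key and value names on your own build before relying on this.
function Get-AntimalwareAuditState {
    param(
        [double]$MaxDefinitionAgeHours = 24   # constructed threshold: one day
    )
    $base = 'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware'

    # Definition state; SignaturesLastUpdated is a REG_BINARY FILETIME (UTC)
    $sig = Get-ItemProperty -Path "$base\Signature Updates" -ErrorAction Stop
    $fileTime = [BitConverter]::ToInt64($sig.SignaturesLastUpdated, 0)
    $lastUpdated = [DateTime]::FromFileTimeUtc($fileTime)
    $ageHours = ((Get-Date).ToUniversalTime() - $lastUpdated).TotalHours

    # SpyNetReporting: 0 = MAPS off, 1 = basic membership, 2 = advanced
    $spynet = Get-ItemProperty -Path "$base\SpyNet" -ErrorAction SilentlyContinue
    $mapsLevel = if ($null -ne $spynet -and $null -ne $spynet.SpyNetReporting) {
        [int]$spynet.SpyNetReporting
    } else { 0 }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        AVSignatureVersion = $sig.AVSignatureVersion
        DefinitionsUpdated = $lastUpdated
        DefinitionAgeHours = [math]::Round($ageHours, 1)
        DefinitionsStale   = $ageHours -gt $MaxDefinitionAgeHours
        MapsLevel          = $mapsLevel
        MapsEnabled        = $mapsLevel -ge 1
    }
}

# Local run; for a fleet, wrap the call in Invoke-Command against the
# members of the relevant SCCM collection and export the objects to CSV.
Get-AntimalwareAuditState | Format-List
```

Any host reporting DefinitionsStale as True or MapsEnabled as False is exactly the kind of "up-to-date" system that still misses a fresh Crowti sample, so those are the ones to reconcile against the SCCM definition deployment first.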

We have affected systems that are up-to-date on Windows and Forefront.

It doesn't look like FEP is catching them.

February 6th, 2015 8:46pm
