
How To Avoid CryptoLocker Ransomware



43 replies

RetiredTripleHelix
Gold VIP
Thanks for the info Roy!
 
Daniel 😉

  • 2 replies
  • November 8, 2013
I'm evaluating Webroot for our company. I'm curious what the window of opportunity is to retrospectively undo damage.

How far back can the journaling be used to restore to? Is it based on a given time frame, number of changes made, or something else?

Thanks,

Chris

RetiredTripleHelix
Gold VIP
Hello cdishman and Welcome to the Webroot Community Forums!


 
In short, journaling starts when an unknown program and its processes start, and it doesn't stop until they are determined good or bad; in this case it can roll back to before the program and processes executed. Also have a look at this short video: https://community.webroot.com/t5/Webroot-Education/What-Happens-if-Webroot-quot-Misses-quot-a-Virus/ta-p/10202#.Un2PguJyUsA
 
HTH,
 
Daniel 😉

  • 2 replies
  • November 11, 2013
The force is strong in this one.
 
Thanks.

  • 2804 replies
  • November 11, 2013
If I could please ask for some clarification regarding CryptoLocker?
 
After reading an article from Scientific American about this I came here and found this thread. I just wanted to be certain that;
 
1. I am protected from this threat with Webroot.
 
2. If one of our Webroot protected computers IS infected that Webroot would be able to reverse any damage done.
 
While I am pretty vigilant about not opening attachments or clicking on links contained in email, I worry about other users in my household exercising the same caution. The thought of this virus infecting my home network scares the hell out of me. While I do backup full images of my pc to an external HDD it is my understanding that this virus can infect files across the entire network including, I'm assuming, my backup drive. I just want to be sure that I'm protected. Thanks in advance for any information you can supply.
 
Sincerely, BD

Baldrick
Gold VIP
  • 16060 replies
  • November 11, 2013
Hi BurnDaddy
 
Please take a look at post 17 in this thread (link below):
 
https://community.webroot.com/t5/Security-Industry-News/How-To-Avoid-CryptoLocker-Ransomware/m-p/64147#M2475
 
I believe that your questions have been answered around that point in the thread.
 
HTH?
 
Regards
 
 
 
Baldrick

  • 2804 replies
  • November 11, 2013
____________________________________________________________________________
 
DanP wrote:
WSA can detect and block Cryptolocker, and if an unknown variant happens to slip through, WSA should be able to roll back the changes as part of the cleanup routine using journalling as long as WSA was installed prior to the files being encrypted. WSA can not decrypt files encrypted by Cryptolocker on a system that was infected prior to WSA being installed. We have improved and continue to improve WSA in order to handle these types of threats.
 
____________________________________________________________________________
 
Thanks, Baldrick.
 
I guess it was the "should" in "WSA should be able to roll back the changes" that had me worried. Should is really not definitive. I'd really be interested to hear from a WSA user that has successfully restored their system after a CryptoLocker attack. Thanks for taking the time to reply.
 
Sincerely,
 
 
BD
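The journaling described in Daniel's reply above (record what an unknown process changes, then undo it if the process is judged bad) and the caveat in the quoted DanP post (nothing can be rolled back if the files were already encrypted before the product was installed) can be shown with a small simulation. This is an added example written for this page, not Webroot's code or a description of how WSA is implemented; the toy XOR "encryption", the file names, and the three-file scenario are all constructed for illustration.

```python
"""Toy write-journal with rollback, modelling the behaviour described in the thread.

Added example, not vendor code: a copy of each file is saved the first time an
*unknown* process overwrites it; if that process is later judged bad, the copies
are restored. A file changed before the journal was active cannot be restored,
which is the "installed prior to the files being encrypted" caveat.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, Optional


class WriteJournal:
    """Tracks the pre-image of every file an untrusted process touches."""

    def __init__(self) -> None:
        # None means "file did not exist before": rollback must delete it.
        self._originals: Dict[Path, Optional[bytes]] = {}
        self.active = False

    def start(self) -> None:
        """Begin journaling (conceptually: an unknown process has started)."""
        self.active = True

    def monitored_write(self, path: Path, data: bytes) -> None:
        """Write on behalf of the untrusted process, saving the pre-image first."""
        if self.active and path not in self._originals:
            # Only the FIRST pre-image matters; later writes by the same process
            # are already state we want to discard on rollback.
            self._originals[path] = path.read_bytes() if path.exists() else None
        path.write_bytes(data)

    def commit(self) -> None:
        """Process judged good: forget the pre-images."""
        self._originals.clear()
        self.active = False

    def rollback(self) -> List[Path]:
        """Process judged bad: restore every journaled file, delete files it created."""
        restored: List[Path] = []
        for path, original in self._originals.items():
            if original is None:
                path.unlink(missing_ok=True)      # e.g. a dropped ransom note
            else:
                path.write_bytes(original)
            restored.append(path)
        self._originals.clear()
        self.active = False
        return restored


def fake_encrypt(data: bytes, key: bytes = b"constructed-key") -> bytes:
    """Stand-in for the ransomware's encryption (XOR keystream, NOT real crypto)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def demo(tmpdir: Optional[Path] = None) -> dict:
    """Constructed scenario: doc0 hit before journaling, doc1/doc2 after; then roll back."""
    if tmpdir is None:
        tmpdir = Path(tempfile.mkdtemp())
    docs = {tmpdir / f"doc{i}.txt": f"document {i} contents\n".encode() for i in range(3)}
    for path, content in docs.items():
        path.write_bytes(content)
    before = {p: hashlib.sha256(c).hexdigest() for p, c in docs.items()}

    journal = WriteJournal()
    # doc0 is encrypted BEFORE the journal exists (protection installed too late).
    first = tmpdir / "doc0.txt"
    first.write_bytes(fake_encrypt(docs[first]))

    journal.start()                               # unknown process starts -> journal on
    for path in list(docs)[1:]:
        journal.monitored_write(path, fake_encrypt(path.read_bytes()))
    journal.monitored_write(tmpdir / "DECRYPT_ME.txt", b"pay to get your files back\n")

    restored = journal.rollback()                 # later determined bad -> undo
    after = {p: hashlib.sha256(p.read_bytes()).hexdigest() for p in docs}
    return {
        "restored": sorted(p.name for p in restored),
        "recovered": sorted(p.name for p in docs if after[p] == before[p]),
        "lost": sorted(p.name for p in docs if after[p] != before[p]),
        "note_removed": not (tmpdir / "DECRYPT_ME.txt").exists(),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` reports doc1 and doc2 recovered and doc0 lost: the journal can only undo writes it observed, so the pre-image of a file encrypted before monitoring began was never captured. The dropped ransom note is removed on rollback because the journal recorded that the file did not exist beforehand.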
 
 
 
 
 

Baldrick
Gold VIP
  • 16060 replies
  • November 11, 2013
Hi BurnDaddy
 
This nasty piece of malware is very concerning to all and I think that Joe, one of the developers @ explains (see post 10 https://community.webroot.com/t5/Security-Industry-News/How-To-Avoid-CryptoLocker-Ransomware/m-p/63661#M2468) one of the impressive roll backs he has seen WSA do...and I am sure that that is just one of a number.
 
No problem at all re. taking time to reply.  It is a pleasure if one can help.  That is what the Community Forums are here for.  As a place where users can help each other...learn a lot from each other...and have some fun too...:D
 
Hope to see you about in the future.
 
Regards
 
 
Baldrick

  • 2 replies
  • November 19, 2013
Here's a good article which refrences specific tools to stop CryptoLocker from encrypting your files. 
 
http://thehackernews.com/2013/11/how-to-protect-your-computer-from.html
 
 

Miquell
Community Leader
  • 828 replies
  • November 19, 2013
@ wrote:
 
Also having Webroot SecureAnywhere will protect you from this infection!
 
It's great to hear that:D
Thanks Daniel:D
 
Regards,
 
Mike

  • 2804 replies
  • November 19, 2013
Thanks for the info, dillardo. Welcome to the Webroot Community!
 
I went ahead and installed "CryptoPrevent" as an added measure. While I feel confident that Webroot has my back should an infection occur, I thought an extra layer of protection was in order considering the insidious nature of this nasty piece of malware. Thanks again for the info and don't hesitate to return to the forum here if you have any questions or suggestions. There are many dedicated, competent, experienced individuals here that are more than happy to assist you.
 
Have a great day!
 
BD

  • 2 replies
  • November 19, 2013
Hi BurnDaddy. I use Webroot as well. I recently switched after visiting their booth at the ISSA conference and was introduced to their new technology. While I trust Webroot to be able to remove the malware if installed, I'm not so sure it can prevent CryptoLocker from encrypting the files. If this technology is included in the latest version of Webroot, please point me to the reference. I'd like to read up on it.
 
Dillardo

  • 2804 replies
  • November 19, 2013
Hi Dillardo,
 
Given the recent nature of this threat I'm not sure there is any official documentation regarding CryptoLocker. However, as Baldrick has kindly pointed out in his post here (post#34), JoeJ explains in his post (#10) the rollback technology that Webroot incorporates. Hopefully, as more information about this piece of malware comes out, the fine folks here in the forum will have more information for us regarding it.
 
Regards,
 
BD

Rakanisheu Retired
We don't have any official documentation because of the sheer number of new threats we see every day; doing a full report on each one would mean we wouldn't actually get any time to do our malware determinations!
 
However we do blogs and video posts about the big new infections or emerging trends. I have written up some information about this infection back a few pages and a number of other Webroot staff have contributed. 

  • 2804 replies
  • November 20, 2013
____________________________________________________________________________
Rakanisheu wrote:
 
We don't have any official documentation because of the sheer number of new threats we see every day; doing a full report on each one would mean we wouldn't actually get any time to do our malware determinations!
 
However we do blogs and video posts about the big new infections or emerging trends. I have written up some information about this infection back a few pages and a number of other Webroot staff have contributed. 
 
____________________________________________________________________________
 
Well... There you have it, Dillardo.
 
As Rakanisheu pointed out in his exclamatory reply, everything you need to know is contained in this thread.;)
 
You're protected because they say so. End of story. Case closed. (Insert smiley dusting off his hands here)

The following article is an update on CryptoLocker
 
(CryptoLocker is temporarily disabled, users still at risk)
 
By: HNS Staff/ Posted on July 11 2014
 


 
Bitdefender warns that while CryptoLocker is currently disabled, it could come back to life at any moment. As such, users need to take precautions to protect against this threat.
 
The Trojan often comes bundled with spam messages, but the most effective vector is a secondary delivery mechanism that involves the GameOver Zeus botnet deploying CryptoLocker in a pay-per-install affiliation mechanism.

Catalin Cosoi, Chief Security Strategist at Bitdefender, states, “Zeus is a well-known and highly successful crimeware kit - the flat-pack furniture of the virus world. It is under constant development by several criminals or groups and new functionalities are constantly added. The skill bar to using it is unfortunately very low and getting lower by the day.”
 
Help Net Security/ Full Read Here/ http://www.net-security.org/malware_news.php?id=2804

  • Community Guide
  • 5988 replies
  • August 20, 2014
The following article is an update on the Cryptolocker infection
(Cryptolocker flogged on YouTube)
 
By Darren Pauli, 20 Aug 2014
 
 
 
Cryptolocker is being flogged over YouTube by vxers who have bought advertising space, researchers Vadim Kotov and Rahul Kashyap have found.
The researchers made the discovery while monitoring YouTube and website banners for instances where malware writers had actually purchased space to foist their wares on unpatched web users.
The duo, who will present at the upcoming Virus Bulletin 2014 conference in Seattle, wrote in a paper that advertising networks were a viable way to flog viruses and trojans.
"We conclude that ad networks could be leveraged to aid, or even be substituted for current exploit kits," they said.
Purchased ad space was a cheap and effective means of foisting browser malware allowing attackers to filter victims by language, location, and interests, VB reported. Malware contained in ads could be obfuscated and then unleashed once conditions like operating systems, browser versions and other elements were met.
[Image: The YouTube Cryptolocker ads (http://regmedia.co.uk/2014/08/19/tghfgh55.png)]
CryptoLocker surfaced in September distributed through Gameover ZeuS. It encrypted important files such as images and documents on compromised Windows machines before demanding that victims pay up to $500 in Bitcoin within 72 hours for the private keys necessary to unlock files.
 
The Register/ Full Article Here/ http://www.theregister.co.uk/2014/08/20/cryptolocker_flogged_on_youtube/

  • Community Guide
  • 5988 replies
  • February 16, 2016
"The following article is an ongoing thread on Ransomware"
****************************************************************************************************************************************

Ransomware is lucrative -- almost half of all victims pay.

By Sead Fadilpašić
 
I recently covered a story in which security firm Imperva said Cryptowall 3.0 was the most successful ransomware of all time, earning its creators $325 million (£225.7m) so far. Now another story about ransomware emerges, and this one comes from another major security firm, Bitdefender.
In its report, the company says almost half (44 percent) of all ransomware victims have paid to get their data back, with 39 percent saying they expect to be attacked again, in the future.
 Ransomware is a type of malware which encrypts all the data on the victim’s computer and demands money in Bitcoin to release the data. If no payment is made in a specific timeframe, the documents are lost.
 
full article here:
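The quoted article ends by describing what ransomware does: it encrypts the victim's data in place and leaves a payment demand. That gives a concrete detection angle worth seeing in code: ciphertext is indistinguishable from random bytes, so a document whose byte entropy jumps close to 8 bits/byte while its format header disappears looks encrypted, and several such files appearing together is the mass-encryption pattern. The example below is added for this page and is not from the article, Bitdefender or Webroot; the entropy and count thresholds are assumptions picked for the constructed sample, and the sample files (including the ransom note) are built inline rather than captured from a real infection.

```python
"""Entropy-based check for mass encryption (added example, thresholds are assumptions).

A file that is random-looking AND has lost any recognisable header is treated as
suspicious; enough of them in one batch is reported as mass encryption. Legitimately
compressed formats (PNG, JPEG, ZIP/docx) are high-entropy too, so the header check
is what keeps them from being false positives.
"""
import math
import random
from collections import Counter
from typing import Dict, List

HIGH_ENTROPY = 7.5      # bits per byte; assumption: "looks like ciphertext/random"
MASS_THRESHOLD = 3      # assumption: this many hits in one batch = mass encryption

# Well-known magic numbers (real values). Matched against the start of the file.
MAGIC = {
    b"%PDF": "pdf",
    b"\x89PNG": "png",
    b"PK\x03\x04": "zip/docx",
    b"\xff\xd8\xff": "jpeg",
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for a flat byte histogram."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(name: str, data: bytes) -> dict:
    """Per-file verdict: suspicious when random-looking and no header explains it."""
    ent = shannon_entropy(data)
    fmt = next((t for magic, t in MAGIC.items() if data.startswith(magic)), None)
    return {
        "name": name,
        "entropy": round(ent, 2),
        "format": fmt,
        "suspicious": ent >= HIGH_ENTROPY and fmt is None,
    }


def scan_batch(files: Dict[str, bytes]) -> dict:
    """Classify each file and raise a batch-level mass-encryption verdict."""
    results = [classify(name, data) for name, data in files.items()]
    hits: List[str] = [r["name"] for r in results if r["suspicious"]]
    return {"files": results, "hits": hits, "mass_encryption": len(hits) >= MASS_THRESHOLD}


def constructed_sample() -> Dict[str, bytes]:
    """Inline sample inputs (constructed, not captured) so the example runs offline."""
    rng = random.Random(2013)

    def rand(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    return {
        "report.txt": b"Quarterly numbers are attached. Please review before Friday.\n" * 20,
        "logo.png": b"\x89PNG\r\n\x1a\n" + rand(4000),        # legit high-entropy PNG body
        "invoice.pdf": b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >>\n" * 40,
        # Three "encrypted" victims: headers gone, bodies random.
        "budget.xlsx": rand(4000),
        "photo.jpg": rand(4000),
        "notes.docx": rand(4000),
        "README_DECRYPT.txt": b"Your files are encrypted. Pay within 72 hours.\n",
    }


if __name__ == "__main__":
    verdict = scan_batch(constructed_sample())
    for r in verdict["files"]:
        print(f'{r["name"]:<20} entropy={r["entropy"]:<5} format={r["format"]} '
              f'suspicious={r["suspicious"]}')
    print("mass encryption:", verdict["mass_encryption"])
```

The PNG in the sample scores just as high as the encrypted files but is not flagged because its header survives; in a real deployment the interesting signal is the change over time (a file that was a PDF yesterday and is headerless random bytes today), which is why this check belongs on top of a baseline of prior hashes or a write journal rather than on a one-shot scan.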
