CryptoWall virus even though they are protected with Webroot?

  • July 14, 2015
  • 1 reply

Has anyone been infected with the CryptoWall virus even though they are protected with Webroot?

1 reply

JamesG
  • Retired Webrooter
  • July 14, 2015
Hello @,
 
In most cases we are able to detect and effectively block crypto-malware before it is able to encrypt files. However, it is important to understand that new variants are released on a constant basis. The authors of these variants can actively test them against all major security vendors so they can ensure their variant is not detected yet.

Unfortunately this means that new variants are able to infect a number of customers before our researchers can create detection rules for them.

These infections are extremely difficult to remediate due to the NSA-level encryption that is used. This makes it virtually impossible to restore the files without a decryption key. If a new variant is given enough time to run, there is nothing that our support team can do to restore them. This is currently the case for our competitors as well. 

If the damage has already been done, the best advice we can give is to suggest certain third-party tools which can sometimes restore the encrypted files, but even so, there is a small chance of success. However, if you would like for us to remote in and see if there is anything else we can do, that can certainly be arranged.

We are continually working on developing new ways of detecting crypto infections and we have several promising methods currently in testing. We are hopeful that this will improve our ability to detect this type of malware heuristically in the future, but sadly I cannot provide an accurate timetable for when these new methods will be implemented in the WSA agent.
 
I hope this helps.
 
Regards,