Wednesday, August 19, 2015

Protecting against CryptoLocker

Does CryptoAPI need to be enabled on your Windows machines?
If not, disable it. More than 90% of crypto malware uses Microsoft's CryptoAPI as the encryption engine to encrypt files with RSA keys.
The ones that don't use this API usually rely on passwords, which are nowhere near RSA-level encryption.

Before you disable CryptoAPI, make sure you are using a third-party encryption engine (such as Sophos, McAfee, Trend, etc.) to encrypt your data.

Also, disconnect mapped drives if the file shares do not need to be mapped for users at all times. Ask users to go through the browser as and when needed.