avast! claiming CryptoLocker immunity. Calling you out on it.

On June 4 avast! posted online saying that it detects and protects against all variants of CryptoLocker. A business client of mine was infected with the CryptoWall variant last week. Does Endpoint Protection’s engine not provide this protection yet? Is it simply something I need to tighten my configuration for?

I believe the statement was “all KNOWN variants of CryptoLocker”.

Now that I have CryptoWall, will avast remove it?

Hello. I am unaware if Avast can remove CryptoLocker variants, but as mentioned earlier Avast does block “all known variants”.
There is plenty of information when googled.
Just one example to view:
http://www.precisesecurity.com/rogue/remove-cryptowall

Hi,
Unfortunately the Endpoint products do not have the DeepScreen feature so Cryptowalls may still get through! It’s important to educate your customers and staff about Cryptowalls and what they need to do to prevent it!

Take a look at this site for more info:
http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

Cryptowalls are malware programs, and in my opinion, are such a wild beast I don’t think any antivirus program can say it will offer 100% protection from them.

With malware it is the same as with diseases for humans.
First there is the disease, and only when the disease is known can doctors try to find a cure for it.
To reduce the risk of getting sick, the only thing people can do is to live as healthily as possible.

For computers/malware it is the same.
Use the best protection there is.
But a system will never be 100% protected against all (new) malware.

The most common mistake that people are making is using an account with administrator rights for daily things while there is no need for it.
If malware gets through, it will have the same rights as the user has at that moment.
So always use a limited account, unless it really is needed to have more rights.

You may also want to take a look at CryptoPrevent :)

I’ve seen clients get bitten by these crypto malware, even with Avast running. Unfortunately, DeepScreen or not, the authors are churning out new variants so fast to evade detection it’s not funny anymore.

Recently, Zero-Day Flash vulnerabilities seem to be the infection vector. A malicious flash ad delivers a dropper and in comes the Crypto malware.

Fortunately today I got a call from a client that it looks like avast stopped the dropper, but it’s just a roll of the dice.

Best way to protect against these is to have a good backup that supports versioning (Carbonite for example). Recovery is fairly simple with a good backup.

My recommendation has always been to do regularly scheduled image backups and never leave the external drive that receives this backup attached to your computer while the system is online.