Cryptowall / Cryptolocker detection

[justincase 0]

We have ESET File Security running on a few Windows 2008/2012 file servers.

 

Let's say an unprotected PC on the network become infected with Cryptolocker or a crypto variant.

 

Would ESET file security catch or stop the real time encryption of the files on the server or does this go undetected?

 

Does any one have any expeirence with such scenario or any documentation to support this?

 

Thanks.

 

-Justin

 

[TomasP 311]

Hello,

In case of shared documents stored on the server, there would be no infected payload transferred to the server itself, the encryption would be executed on the unprotected PC, thus the malware would not reach any system with a security software that could stop it. From the server's point of view, it is simply a read access to the file and then a write access to change its content, thus a seemingly legitimate operation any PC performs thousands of times per day.

That is why it is very important to have a security solution on the whole network, not just on a part of it.

Regards,

T.

[haronaroum 0]

Even if you don’t care much about what happens on Internet world every day, you should hear about this name: CryptoWall once in your life when you read news online, or at least you know what ransomware is. Ransomware is primarily a type of malware that have been used by vicious cyber hackers as a accustomed tool to extort money from victims by unexpectedly encrypting all data that saved on their systems and demanding a ransom in return for the private key to decode their data. CryptoWall is one of the members of Ransomware family and its 4th generation was just released recently. The previous version just released in January this year. Far from being hit and limited, it seems that this ransomware has been running wild without restraint in a relatively fast speed so that the malware developers are able to develop a successor within a year.

Edited December 3, 2015 by Marcos
URL to a fishy website removed