Jump to content

Cryptowall / Cryptolocker detection


Go to solution Solved by TomasP,

Recommended Posts

We have ESET File Security running on a few Windows 2008/2012 file servers.

 

Let's say an unprotected PC on the network become infected with Cryptolocker or a crypto variant.

 

Would ESET file security catch or stop the real time encryption of the files on the server or does this go undetected?

 

Does any one have any expeirence with such scenario or any documentation to support this?

 

Thanks.

 

-Justin

 

Link to comment
Share on other sites

  • ESET Moderators
  • Solution

Hello,

In case of shared documents stored on the server, there would be no infected payload transferred to the server itself, the encryption would be executed on the unprotected PC, thus the malware would not reach any system with a security software that could stop it. From the server's point of view, it is simply a read access to the file and then a write access to change its content, thus a seemingly legitimate operation any PC performs thousands of times per day.

That is why it is very important to have a security solution on the whole network, not just on a part of it.

Regards,

T.

Link to comment
Share on other sites

Even if you don’t care much about what happens on Internet world every day, you should hear about this name: CryptoWall once in your life when you read news online, or at least you know what ransomware is. Ransomware is primarily a type of malware that have been used by vicious cyber hackers as a accustomed tool to extort money from victims by unexpectedly encrypting all data that saved on their systems and demanding a ransom in return for the private key to decode their data. CryptoWall is one of the members of Ransomware family and its 4th generation was just released recently. The previous version just released in January this year. Far from being hit and limited, it seems that this ransomware has been running wild without restraint in a relatively fast speed so that the malware developers are able to develop a successor within a year.

Edited by Marcos
URL to a fishy website removed
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...