It’s been some time since I last wrote about the ransomware called CryptoLocker, a piece of ransomware that actually encrypts your files so that you cannot access them without paying the ransom.
Fortunately, a utility has been written by FoolishIT which will set up software restriction policies on Windows. These restriction policies will prevent the execution of CryptoLocker. And they will also prevent the execution of the now-included Zbot Trojan.
What follows is a step-by-step guide to setting up the restriction policies using the utility.
Step #1: Download the utility here: http://www.foolishit.com/download/cryptoprevent/
Step #2: Make sure that the "Open with Windows Explorer" option is selected and then click on the Open button.
Step #3: Somewhere at the top of the Windows Explorer window, you should see an option to extract all files. Choose that option and extract the files to the folder.
Step #4: Double-click CryptoPrevent.exe to execute the utility.
Step #5: On the screen that just popped up, press OK.
Step #6: On the new screen, make sure all checkboxes are checked.
Step #7: Click on the Block button. This sets up the restriction policies which will prevent the execution of CryptoLocker.
Step #8: To make sure it worked, click on the Test button. It will return with either success or failure. Success means that the included test executable was able to get through. Failure means that it was blocked.
If you find that the restrictions cause issues with some of your applications, you can go back to the utility and click on the Undo button to remove the changes. After you are done with that application, you can go back and click on the Block button to set up the restrictions again.
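To see which restriction policies are in place after clicking Block (or to confirm they are gone after Undo), you can list the path rules from PowerShell. This is an added example, not part of the utility or the original guide, and it assumes the rules are written to the standard Windows Software Restriction Policy registry location.

```powershell
# Added example: list Software Restriction Policy (SRP) path rules.
# Assumption: the rules live in the standard machine-wide SRP policy key.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP stores rules under a subkey named after the numeric security level.
$levels = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }

if (-not (Test-Path $base)) {
    Write-Output 'No SRP policy key found: no restriction policies are set.'
}
else {
    $rules = foreach ($level in $levels.Keys) {
        $pathsKey = Join-Path $base "$level\Paths"
        if (Test-Path $pathsKey) {
            # Each path rule is a GUID-named subkey; ItemData holds the path.
            foreach ($key in Get-ChildItem -Path $pathsKey) {
                [pscustomobject]@{
                    Level = $levels[$level]
                    # Keep variables such as %AppData% unexpanded so the rule
                    # is shown as written, not as it resolves for this user.
                    Path  = $key.GetValue('ItemData', $null,
                                'DoNotExpandEnvironmentNames')
                    Rule  = $key.PSChildName
                }
            }
        }
    }

    if (-not $rules) {
        Write-Output 'SRP policy key exists but contains no path rules.'
    }
    else {
        $rules | Sort-Object Level, Path | Format-Table -AutoSize
    }
}
```

Rules listed as Disallowed are the locations from which executables are blocked; an empty result after clicking Undo means the restrictions were removed.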
Please note that this utility merely prevents you from getting infected. It does no good if you are already infected.
For more info about the utility, please visit this website: http://www.foolishit.com/vb6-projects/cryptoprevent/
Thank you for reading. Feel free to comment if you have any questions or comments.