Endpoint Protection

 View Only
Expand all | Collapse all

Cryptolocker, are we safe?

  • 1.  Cryptolocker, are we safe?

    Posted Oct 15, 2013 09:04 AM

  • 2.  RE: Cryptolocker, are we safe?
    Best Answer

    Trusted Advisor
    Posted Oct 15, 2013 09:05 AM


    Yes. Symantec detects CryptoLocker.

    Cryptolocker is referenced by Symantec as : Trojan.Ransomcrypt.F


    Secondly, check this Thread: 


    Hope that helps!!

  • 3.  RE: Cryptolocker, are we safe?

    Posted Oct 15, 2013 09:07 AM

    Yes it detects it


    Manual removal is here in case


  • 4.  RE: Cryptolocker, are we safe?

    Posted Oct 15, 2013 10:18 AM

    Thank you symantec.

  • 5.  RE: Cryptolocker, are we safe?

    Posted Oct 16, 2013 06:17 AM

    One extra note: make sure that you are protecting your clients with the optional IPS component!  In addition to the AV signatures, there is a IPS signature that blocks this threat's traffic.


    SIG ID 27046 "System Infected: Trojan.Ransomcrypt.F"

  • 6.  RE: Cryptolocker, are we safe?

    Posted Oct 16, 2013 06:40 AM

    Noted. Thank you.

  • 7.  RE: Cryptolocker, are we safe?

    Posted Oct 23, 2013 07:47 AM

    Followers of this thred may be interested in this new blog post from security Response:

    Ransomcrypt: A Thriving Menace

    and also these resources:

    Additional information about Ransomware threats

    Definitely backup all important data regularly, keep your AV definitions up-to-date, and deploy the IPS component of SEP if you are not already using it!

  • 8.  RE: Cryptolocker, are we safe?

    Posted Oct 25, 2013 06:17 AM

    Is there a way to do a scheduled report for this type of detection should this appear on the network?

  • 9.  RE: Cryptolocker, are we safe?

    Posted Oct 30, 2013 01:11 AM

    Had an encounter with Cryptolocker on a notebook running Win7.  .docx and .xlsx files that were critical to the client were compromised.  Once the virus was removed, attempted to restore corrupt files.  As most have reported, this it impossible.  Got to thinking that maybe some of the files had been previously deleted and might be restored and retrieved.  Ran RECUVA and found thousands for deleted files.  Some had been overwritten and were not retrievable.  Others, with .docx and .xlsx, were fully retrievable.  They did not have names, just numbers - many of which were in sequence.  Once they were restored, it became obvious that the very files that were critical had been deleted after being named with a number followed by the same extension as the original files.  I am not an expert, but I have more than 30 years of experience in the field, and started hunting and killing virus infections before any software to do so was available.  This might be something worth checking on other systems that have been infected by Cryptolocker.  Maybe some genius out there can come up with a utility to undelete these files after killing the virus, and connect them with their original names.  Hope this is helpful someone.

  • 10.  RE: Cryptolocker, are we safe?

    Posted Oct 30, 2013 12:59 PM

    Many thanks, Geoconsult! "Thumbs up" from me.

    This new article may be of interest to followers of this thread:


    Recovering Ransomlocked Files Using Built-In Windows Tools

  • 11.  RE: Cryptolocker, are we safe?

    Posted Nov 06, 2013 04:45 PM

    I am concerned about the files that are encrypted; if I run a scan and symantec AV removes the mailcious files, will I have access to the files that are encrypted?  Should I do this in safe mode?  TIA!

  • 12.  RE: Cryptolocker, are we safe?

    Posted Nov 06, 2013 04:58 PM
    If the files are already encrypted the damage has been done and likely not recoverable, regardless of what mode you do it in.