Computer Technicians and System admins across the internet are hearing more and more about the Cryptolocker threat. If you havent heard about it, Cryptolocker is a nasty piece of ransomware that will seek out certain files on computers, attached drives and networks and encrypt them. Once it has finished encrypting the files, it will show a popup that tells the user that their files are encrypted and they have to pay a ransom to decrypt them before the 96 hour countdown completes. If the user doesnt pay the ransom during the countdown, the private key used to encrypt the files is destroyed and the users files become unrecoverable.
Nick from FoolishIT (creator of the popular tool “D7″) took the “How to prevent Cryptolocker steps” from BleepingComputers guide and turned them into a handy executable.
Basically, this utility artificially implants group policy objects into the registry in order to block certain executables in certain locations from running. For example, Cryptolocker drops a randomly named executable in the %AppData% directory and then runs it. This tool creates a rule (one of about 150) to stop executables running from this directory.
Please keep in mind that this tool is to be used before the infection. It will not help you if the computer has already been infected.
CryptoPrevent is free for both personal and commercial use but in order to make use of the automatic updates feature, it costs $25 USD. This cost is not required for usage and is entirely optional.
The application has many switches for automation and scripting purposes and comes with both a portable and installer version.