CryptoLocker 2.0 – Are You Ready? We Are

January 29, 2014 | By Editor

While other security companies and their users are still struggling to deal with the infamous ransomware Cryptolocker, we have no worries at Comodo.  In fact, if you use our Comodo Endpoint Security, with our unique Auto-Sandbox technology, you are already safe and secure from Cryptolocker 2.0 (officially entitled Prison Locker or Power Locker) and other soon-to-go-wild copycats roaming the Internet.

How can we be so sure?  Because with over 70 million total installations of Comodo Antivirus there has not been a single reported incident of Cryptolocker on a Comodo protected computer. In fact, we provide a $5,000 virus free warranty to protect users of Comodo Endpoint Security and have not paid a single claim in over 6 years!  That is why we call our protection “ironclad”.

We’ll explain why, but first let’s review.  What is Cryptolocker?

Cryptolocker is a Trojan virus known as ransomware, spread predominantly through emails to infect Windows computers and extort money from its victims. Some analysts have called it the perfect criminal virus, almost impossible to defeat. We beg to differ, but we digress.
After being installed on your computer, CryptoLocker takes control and locks up your data files, including all MS Office files. It then displays a message demanding you pay a ransom to unlock your files, around $300 in bitcoins or MoneyPak. CryptoLocker itself can be removed by many anti-virus programs. Unfortunately, your files will remain locked using encryption that is virtually impossible to break. Pay up or you’re out of luck!
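Because the encryption itself cannot be undone, defenders watch for the moment documents turn into ciphertext. The following is an added example, not code from the original post or from Comodo: a Python heuristic that flags watched documents in a folder that have lost their normal headers and show ciphertext-like byte entropy, and raises an alert when at least half of them look that way. The extension list, the 7.5 bits/byte threshold and the sample files are constructed assumptions.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Document extensions the post says CryptoLocker locks up (assumption: representative subset).
WATCHED_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; ordinary documents sit far below this
# Magic bytes of common containers (a .docx is a ZIP archive and would otherwise look random).
KNOWN_MAGIC = (b"PK\x03\x04", b"%PDF", b"\xd0\xcf\x11\xe0")

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; 8.0 is the maximum (uniformly random bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes) -> bool:
    """Heuristic: no recognisable header and near-maximal entropy."""
    if data.startswith(KNOWN_MAGIC):
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD

def scan_for_mass_encryption(root: str):
    """Return (suspicious_file_names, watched_file_count) for the tree under root."""
    suspicious, total = [], 0
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in WATCHED_EXTS:
            total += 1
            if looks_encrypted(path.read_bytes()):
                suspicious.append(path.name)
    return sorted(suspicious), total

def is_alert(suspicious, total, alert_ratio: float = 0.5) -> bool:
    """Alert when at least alert_ratio of the watched files look encrypted."""
    return total > 0 and len(suspicious) / total >= alert_ratio

def build_sample_tree() -> str:
    """Constructed sample: 2 plaintext docs, 1 ZIP-based .docx, 3 random-byte files."""
    root = tempfile.mkdtemp(prefix="cl_sample_")
    Path(root, "memo.txt").write_bytes(b"Quarterly planning notes for the sales team.\n" * 40)
    Path(root, "report.doc").write_bytes(b"\xd0\xcf\x11\xe0" + b"Legacy Word document body. " * 60)
    Path(root, "deck.docx").write_bytes(b"PK\x03\x04" + os.urandom(2048))
    for name in ("budget.xlsx", "contract.pdf", "invoice.doc"):  # stand-ins for ransomware output
        Path(root, name).write_bytes(os.urandom(4096))
    return root
```

Run periodically against a file share, a sudden jump in the flagged ratio is the signal; a single high-entropy file on its own is not, since legitimately compressed or encrypted archives also score high.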

Last December, Dell SecureWorks published an estimate that the original version of the program had infected around 200,000-300,000 PCs in 100 days. Approximately 0.4 percent of these victims probably paid the demanded ransom. That may seem like a small percentage, but it would be a haul of up to $360,000 for the hackers in just 3 months. With that kind of loot in play it is not surprising to see copycats appear, and they have.

Of particular concern is an identified copycat we’ll euphemistically call CryptoLocker 2.0, aka Prison Locker. It differs most significantly from the original CryptoLocker in that it encrypts more file formats and spreads through USB drives instead of email. It reportedly opens a new locked window and disables the Windows and Escape keys. It prevents you from running taskmgr.exe, regedit.exe, cmd.exe, explorer.exe and msconfig.exe while disabling the ALT+TAB key feature.

The following is a side by side comparison.

CryptoLocker vs. CryptoLocker 2.0 (Copycat)

Form of encryption
  CryptoLocker: RSA-2048
  CryptoLocker 2.0 (PrisonLocker): RSA-1024 (weaker)

Ransom payment options
  CryptoLocker: Bitcoin plus other forms of payment are accepted
  CryptoLocker 2.0 (PrisonLocker): Bitcoin only

Code
  CryptoLocker: Microsoft’s Visual C++
  CryptoLocker 2.0 (PrisonLocker): C# programming language

File types likely to be stolen
  CryptoLocker: Business files
  CryptoLocker 2.0 (PrisonLocker): Business, image, video and audio files

Spreads via
  CryptoLocker: Drive-by downloads, phishing emails
  CryptoLocker 2.0 (PrisonLocker): USB

So, CryptoLocker 2.0 or similar will soon be here and more copycats are sure to follow. Why aren’t users of Comodo Endpoint Security concerned? Because thanks to Comodo’s Default/Deny strategy with Auto Sandboxing, these malicious programs will never have the opportunity to lock up their files.

Comodo Endpoint Security focuses on prevention, not purely detection. Comodo’s patent-pending Auto Sandboxing technology creates a real time, isolated environment that identifies safe, unsafe, and questionable files and executables and automatically isolates both unsafe and unknown files, allowing only known, trusted files to penetrate your system.

If a threat is known to be malicious, Comodo’s Antivirus (AV) will detect its signature and prevent any damage from occurring, i.e. the encryption of your files. If the threat is unknown, the HIPS and Auto-Sandbox will intercept the malware, stopping it in its tracks, as the virus is never actually installed on your system. Comodo AV labs detect blacklist signatures for malicious files such as CryptoLocker, so the ransomware would go straight into the Quarantine or Sandbox Management consoles of Comodo Endpoint Security Manager (CESM) where the admin could delete it.

CESM 3 packages unsurpassed protective power within our next-generation remote administrative console. This enables the administrator to receive real-time alerts through list or panoramic views of all endpoints and system management capabilities, a feature generally found only in dedicated RMM systems. So, when the user opens the malicious message containing CryptoLocker, CES will detect the malicious (or unknown) file, automatically sandbox it, and alert the administrator. If the admin gets to the alert before Comodo labs, the administrator is able to remotely remove the ransomware from the end user’s computer, regardless of the end user’s location.
Four clicks to security:

  1. Administrator views the list of files within the sandbox.
  2. Administrator selects the malicious executable(s) to be removed.
  3. Administrator remotely accesses the end user’s computer to select the malicious file running on the sandbox.
  4. Administrator deletes the file location to rid the user’s system of the malicious application.

Four clicks to security. It’s really that simple! But don’t just take our word for it. Comodo Endpoint Security (CES) is powered by the same patent-pending prevention-based technology that our consumer product, Comodo Internet Security (CIS), uses to protect consumers against CryptoLocker. CIS was recently awarded the top position in the Proactive Security Challenge 64 by matousec.com, a project run by a respected group of independent security experts dedicated to improving end user security. Following the challenge, matousec.com named CIS the “Ultimate Protection Machine.”

In addition to its ability to protect enterprises from malware like CryptoLocker, ESM has many other great capabilities. For instance, the latest upgrade to ESM added several capabilities such as centralized monitoring of sandboxed (unknown) and malicious files, endpoint auto-synchronization via Active Directory, encrypted VNC sessions to local and remote endpoints, and support for Windows 7 Embedded Standard.

To become protected against Prison Locker and its variants download a 60-Day, 60 user free trial now or contact cesmsales@comodo.com for the date of our next webinar.


    Comments

    Lance's Computer Repair Services February 5, 2014 at 4:05 am

    I give an A+ with 5 stars ***** for this antivirus. But before you install this, make sure you do not make the mistake others have made… Please read as follows if you are having problems installing it or with possible lag issues. Either you forgot to uninstall your old antivirus (such as Search and Destroy as well), or you did not click Comodo’s update button, or you have less than 2 GB of RAM, because most good antivirus/firewall combo programs use up to or more than 1 GB of RAM while scanning a computer. I never had a problem with it and it has always been easy to uninstall with any computer that had at least 2 GB of RAM or more; 4 GB is the preferable amount of RAM. I only had one customer that wanted it uninstalled, and it uninstalled off his Vista SP2 OS laptop, which had only 2 GB of RAM, in less than 10 minutes. The reason he wanted it off is it kept him from going to Pr0n sites that warned him that malicious software from such sites could corrupt his computer. LMAO Ha Ha 🙂, I warned him of the dangers and did as he requested; now he is unprotected, his choice, not mine. Wish you better luck next time you wish to install. This is what I installed successfully every time. http://download.cnet.com/Comodo-Internet-Security/3000-2239_4-10460704.html?part=dl-&subj=dl&tag=button

