CryptoMalware Resources

Some resources for CryptoMalware Detection, Prevention, and Remediation

Presy Slides (updated periodically): http://www.slideshare.net/AaronLancaster3/why-are-you-still-getting-cryptolocker

ISSA Journal April 2016 Feature Article - CryptoLocker by Carl Saiyed

http://c.ymcdn.com/sites/www.issa.org/resource/resmgr/JournalPDFs/feature0416.pdf

Prevention
J. Wolfgang Goerlich Preparing for malware - https://t.co/yn0CVpMtu6
FREE Training Course: https://info.varonis.com/introduction-to-ransomware

FBI IC3:
Ransomware Tri-fold: https://pdf.ic3.gov/Ransomware_Trifold_e-version.pdf
Sept. 2016 Advisory: https://www.ic3.gov/media/2016/160915.aspx

Microsoft Articles:
https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32/Crowti 
http://blogs.technet.com/b/mmpc/archive/2015/07/14/msrt-july-2015-crowti.aspx 
https://www.microsoft.com/security/portal/mmpc/shared/prevention.aspx

Expert Analysis:

http://krebsonsecurity.com/2013/11/how-to-avoid-cryptolocker-ransomware/
http://krebsonsecurity.com/2016/09/ransomware-getting-more-targeted-expensive/

http://www.cio.com/article/2448967/security0/6-ways-to-defend-against-drive-by-downloads.html

CryptoLocker Prevention Kit: http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit-updates/
CryptoPrevent (workstations only): https://www.foolishit.com/cryptoprevent-malware-prevention/

BLADE (Block All Drive-by Download Exploits): www.blade-defender.org

Detection

Traffic Analysis:

https://isc.sans.edu/forums/diary/Traffic+Patterns+For+CryptoWall+30/19203/

Expert Analysis:

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

http://blogs.technet.com/b/mmpc/archive/2015/01/13/crowti-update-cryptowall-3-0.aspx

Microsoft Server Techniques:

https://gallery.technet.microsoft.com/scriptcenter/Cryptowall-active-file-ad91b701

http://technet.microsoft.com/en-us/library/cc732074.aspx

Remediation

https://www.nomoreransom.org/

•Utilities and regain access to your files:

–RakhniDecryptor - http://support.kaspersky.com/viruses/disinfection/10556

–XoristDecryptor - http://support.kaspersky.com/viruses/disinfection/2911

–RectorDecryptor - http://support.kaspersky.com/viruses/disinfection/4264

•Attempt to retrieve your keys from:

–FireEye’s website http://www.decryptcryptolocker.com/

–Kaspersky’s Website: https://noransom.kaspersky.com/

-Cybrary.it article: https://www.cybrary.it/0p3n/ransomware-decryption-keys-released/

Other References

•IOCs https://github.com/CyberThreatAlliance/cryptowall_v3

•CoinVault and Bitcryptor keys & app: https://noransom.kaspersky.com/

•CryptoWall Dashboard: http://cyberthreatalliance.org/cryptowall-dashboard.html

•Scripts and Files related to the CyyptoWall v.3 threat: https://github.com/CyberThreatAlliance/cryptowall_v3

•CryptoLocker Scan Tool by Omnispear: http://omnispear.com/cryptolocker-scan-tool/

•Using PowerShell to Combat CryptoLocker: http://blog.varonis.com/using-powershell-combat-cryptolocker/