by a Thinker, Sailor, Blogger, Irreverent Guy from Madras

Will CryptoPrevent 6.1.5 stop Onion Ransomware


Did you read the post on 26 May about the first-hand tangle with Cryptolocker ransomware?  As fate would have it, that same weekend the FBI, in a coordinated international action - Operation Tovar - took down the botnet used in Cryptolocker attacks.  About a week too late for my Chennai friend whose business was affected!

In the aftermath, I asked Nick Shaw, the author of CryptoPrevent, whether he intended to continue its development.  He clarified in his blog post [http://www.foolishit.com/posts/state-cryptoprevent-6414/] about the copycats, and the continued relevance of CryptoPrevent even after the CryptoLocker network was taken down.  At that time, what Nick did not mention was the next avatar of Cryptolocker.  And today, that nightmare is upon us in the form of Onion ransomware, also known as Critoni or CTB-Locker.

The name ‘Onion’ was given to this ransomware by Kaspersky Labs because, unlike Cryptolocker, this one has its command and control servers hidden in the TOR (The Onion Router) network.  While Cryptolocker used the GameOver ZeuS botnet, the Onion ransomware uses the Andromeda botnet, and while the former used RSA/AES encryption, the latter uses the ECDH algorithm.  About the only thing common to both Cryptolocker and Onion - apart from being ransomware - is their Russian origins.

One of the best defences against Cryptolocker was CryptoPrevent by Nick Shaw of Foolish-IT.  And we should be eternally grateful to him for its continued development and enhancement.  The latest version, 6.1.5 (30 July 2014), also includes hash-based definitions to stop malware.

So will CryptoPrevent block the Onion ransomware?  By all indications it should.  CryptoPrevent basically stops any executable from being launched from suspicious locations - the user-writable folders such as %AppData% and %Temp% where an email attachment or dropper lands.  Malware like Onion generally infects a PC by starting its process from exactly such suspect locations, so the first stage never gets to run.
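To show what "blocking executables from suspicious locations" looks like under the hood, here is an added example (my own illustration, not CryptoPrevent's code) that writes Windows Software Restriction Policy path rules directly to the registry.  The list of blocked path patterns is a constructed sample of typical drop locations; run it from an elevated PowerShell prompt.

```powershell
# Added example, not CryptoPrevent's own code: register Software Restriction
# Policy (SRP) path rules that disallow executables launched from user-writable
# locations. Requires an elevated prompt; log off and on (or reboot) to be sure
# the policy is in force for every process.

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Create the SRP root with a default level of Unrestricted (262144); the rules
# below then carve out specific paths at the Disallowed level (key "0").
New-Item -Path $base -Force | Out-Null
Set-ItemProperty -Path $base -Name 'DefaultLevel'       -Value 262144 -Type DWord
Set-ItemProperty -Path $base -Name 'TransparentEnabled' -Value 1      -Type DWord
Set-ItemProperty -Path $base -Name 'PolicyScope'        -Value 0      -Type DWord   # 0 = all users
Set-ItemProperty -Path $base -Name 'ExecutableTypes' -Type MultiString `
    -Value @('EXE','COM','PIF','SCR','BAT','CMD','VBS','JS')

# Constructed sample of drop locations used by email-borne ransomware.
$blockedPaths = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',
    '%LocalAppData%\*\*.exe',
    '%Temp%\*.exe',
    '%Temp%\*.zip\*.exe',    # .exe opened straight out of a zipped attachment
    '%Temp%\Rar*\*.exe',     # WinRAR temporary extraction folders
    '%Temp%\7z*\*.exe'       # 7-Zip temporary extraction folders
)

foreach ($pattern in $blockedPaths) {
    # Each path rule lives under a GUID-named key beneath the Disallowed level.
    $guid    = [guid]::NewGuid().ToString('B')
    $ruleKey = "$base\0\Paths\$guid"
    New-Item -Path $ruleKey -Force | Out-Null
    Set-ItemProperty -Path $ruleKey -Name 'ItemData'    -Value $pattern -Type ExpandString
    Set-ItemProperty -Path $ruleKey -Name 'SaferFlags'  -Value 0        -Type DWord
    Set-ItemProperty -Path $ruleKey -Name 'Description' -Type String `
        -Value "Block executables launched from $pattern"
}

# Verify: list every path pattern now disallowed by policy.
Get-ChildItem "$base\0\Paths" | ForEach-Object {
    (Get-ItemProperty -Path $_.PSPath).ItemData
}
```

The same rules can be inspected or removed later through secpol.msc under Software Restriction Policies, which is also where legitimate programs that install into %AppData% can be whitelisted if they break.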

Here is a snapshot of the Onion ransomware splash screen warning.

[image: onion-ransomware-splash-screen]
(image courtesy Kaspersky Labs)

And here is the CryptoPrevent 6.1.5 ready to block such ransomware.

[image: cryptoprevent-6-1-5]

PS:  CryptoPrevent is only one layer of security from malware.  You need to have a good security suite installed, turned on and updated.  For more tips read the earlier posts on Cryptolocker prevention.




