CryptoPrevent Review: Does it Prevent CryptoLocker?

Dennis Faas

Infopackets Reader Tina M. writes:

"Dear Dennis,

Regarding CryptoLocker, can you tell me if the software program CryptoPrevent can actually remove CryptoLocker and other ransomware infections? In other words, does CryptoPrevent actually work? Or is there a better way to prevent and remove CryptoLocker if I get infected?"

My response:

Similar to antivirus, CryptoPrevent is software that helps to prevent CryptoLocker and similar ransomware infections. It does not remove the infection if you become infected. If you do become infected, the only 100% fail-safe way to undo the damage is to restore your files from a backup -- but only if you backed up your files in the first place.

How CryptoPrevent Works - In General

CryptoPrevent is similar to antivirus and antimalware software, though the sole purpose of CryptoPrevent is to prevent specific types of threats (ransomware), whereas antivirus is generally more encompassing. Similar to antivirus, CryptoPrevent needs to be updated on a regular basis; that's because CryptoLocker and other similar ransomware / viruses / malware programs change over time (because they're software, too).

CryptoPrevent will only proactively help to prevent CryptoLocker and similar ransomware infections as long as it is kept up to date. If CryptoPrevent can't detect the latest CryptoLocker / ransomware variant (because they also are updated often), then CryptoPrevent won't protect you. And, as I mentioned previously, it certainly won't remove the infection after you've become infected.

To put it simply, there is no 'magic bullet' to prevent and remove CryptoLocker, nor is there a single program that will prevent malware or viruses from infecting PCs. That is most likely going to remain true from now until the end of time because of the way that software is used to detect and remove such threats.

Some Other Considerations

Programs like CryptoLocker are created by underground criminal organizations, and they make millions of dollars yearly ripping people off with their ransoms. CryptoPrevent on the other hand is (as far as I understand) created and updated by a single person. That said, most major antivirus programs also help to prevent CryptoLocker, and do not cost anything. They're also updated by large corporations, which means they have more resources available to study and remove threats like CryptoLocker.

So should you put your faith in CryptoPrevent? You can if you like, but there's a better way to prevent and remove CryptoLocker, should you ever become infected.

The Best Way to Prevent and Remove CryptoLocker

By far the best way to prevent and remove CryptoLocker and other ransomware / encryption viruses is to educate yourself on the issue and remain vigilant. Articles like this help to spell things out to make it easier to understand why and how malware and viruses work, and most importantly, why antivirus and programs like CryptoPrevent aren't the be-all, end-all solution to the problem.

So, what can you do to help stop ransomware and malware like CryptoLocker? There are a few things that come to mind:

  1. First, don't go clicking haphazardly on links on websites you've never visited before. You should only download files from trusted sources; and even so, don't download and run every program you come across.
     
  2. Secondly, avoid opening email attachments. This is especially true if you did not specifically request an attachment. That also means don't open any email attachment even if it's from someone you know, because the TO: field in an email can be forged, which means that the 'person' who sent you the email didn't actually send it.
     
  3. Third, always keep your antivirus and antimalware definitions up to date, and do a full scan of your computer on a regular basis. Remember, these programs only help to prevent malware infections and they certainly won't detect or remove 100% of infections.
     
  4. Fourth, you should always keep your operating system up to date -- and if you run Windows XP, you need to get rid of it. Windows Updates are the way to keep Windows up to date. If you don't download Windows Updates on a regular basis, you're effectively leaving a huge gaping hole to allow programs like CryptoLocker into your system. It's worth noting that antivirus and antimalware won't do a lick of good if the virus can get past your defenses and execute undetected.
     
  5. Fifth, make sure your firewall is turned on and configured properly. If you run any version of Windows beyond XP (Service Pack 2), then Windows Firewall is turned on by default. Simply put, firewalls help to block malware and other bad things from getting through to your computer if you're connected to a network, including the Internet. It's worth noting that CryptoLocker can easily spread on a local network, including network shared drives.
     
  6. Lastly, and by far most importantly, make disk image backups of your operating system and personal files on a daily / every other day basis. Acronis True Image can make disk image backups and has a very extensive set of features. If you ever become infected with CryptoLocker or any ransomware / malware / virus, you can undo the damage 100% by reverting to a disk image backup. It also means you won't have to reinstall Windows. It's worth noting that police in Maine were recently hit with CryptoLocker and were forced to pay the ransom; they later admitted that they didn't have an effective backup plan in place, which would have allowed them a full recovery -- and without having to pay the ransom.

Additional Help From Dennis

As I have stated previously, disk images are by far the best way to protect yourself from CryptoLocker and similar threats, as they allow you to revert Windows back to the way it was before the virus encryption took place. You could also recover most (if not all) of your files from encryption, but that largely depends on many factors, including: how often you back up, the space available for backups, what is being backed up, and the backup strategy being used. If anyone reading this article needs help setting up a bullet-proof backup plan, you are welcome to contact me for remote desktop support.


About the author: Dennis Faas is the owner and operator of Infopackets.com. With over 30 years of computing experience, Dennis' areas of expertise are a broad range and include PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelors degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security.


Comments

michaeltheclyde

Police in Maine were not recently hit by C/L, not unless you consider 8 months ago or longer recent. C/L was shut down by operation "Tovar" last August, the servers confiscated and even had its encryption algorithms figured out. Some are even able to have their files decrypted.
The variants, including "CTB" locker, which operate in a similar fashion have not been shut down or had their encryption figured out.
If you have encrypted files go to this site - https://www.decryptcryptolocker.com/ set up by "FireEye" and "Fox IT" and follow the directions, you might get lucky. This ONLY WORKS on the now dead C/L, not on CTB or other variants.
If you had VSS and Restore enabled there is a good chance that unencrypted versions of your files are in the shadow copies. "Shadow Explorer" is a freeware program to gain access if you're not on a Pro, Enterprise or Ultimate version of Windows. Malwarebytes Chameleon has been documented as being able to remove C/L, not sure about other variants.
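
A read-only check of items 3 to 6 of the article's checklist and of the shadow-copy point raised in the comment above, as an added PowerShell example that is not part of the original article or comment. It assumes Windows Defender is the antivirus in use and an elevated prompt on Windows 8 / Server 2012 or later; the age thresholds are assumed values, except the two-day snapshot limit, which follows the article's "daily / every other day" advice.

```powershell
# Added example: read-only audit of the article's checklist. Thresholds are assumptions.
$MaxSignatureAgeDays = 3    # assumed: AV definitions older than this count as stale
$MaxPatchAgeDays     = 35   # assumed: roughly one monthly Windows Update cycle
$MaxSnapshotAgeDays  = 2    # article: back up daily or every other day

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result($Check, $Ok, $Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Ok = [bool]$Ok; Detail = $Detail })
}

# Item 3: antivirus definitions (Defender only; other products need their own check)
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $sigAge = $mp.AntivirusSignatureAge
    Add-Result 'AV definitions' ($sigAge -le $MaxSignatureAgeDays) "$sigAge day(s) old"
    Add-Result 'AV real-time protection' $mp.RealTimeProtectionEnabled 'Defender setting'
} catch {
    Add-Result 'AV definitions' $false 'Defender status unavailable; check your AV product'
}

# Item 4: date of the most recently installed Windows update
$last = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn | Select-Object -Last 1
if ($last) {
    $age = [int][math]::Floor(((Get-Date) - $last.InstalledOn).TotalDays)
    Add-Result 'Windows updates' ($age -le $MaxPatchAgeDays) "$($last.HotFixID), $age day(s) ago"
} else {
    Add-Result 'Windows updates' $false 'no installed hotfix with a date was found'
}

# Item 5: Windows Firewall should be enabled on every profile
foreach ($fw in Get-NetFirewallProfile) {
    Add-Result "Firewall ($($fw.Name))" ($fw.Enabled -eq 'True') "Enabled = $($fw.Enabled)"
}

# Item 6 and the comment's VSS point: is there a recent shadow copy to fall back on?
$snap = Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue |
    Sort-Object InstallDate | Select-Object -Last 1
if ($snap) {
    $age = [int][math]::Floor(((Get-Date) - $snap.InstallDate).TotalDays)
    Add-Result 'Shadow copies' ($age -le $MaxSnapshotAgeDays) "newest is $age day(s) old"
} else {
    Add-Result 'Shadow copies' $false 'none found, or the prompt is not elevated'
}

$results | Format-Table -AutoSize
```

Shadow copies sit on the same disk as the files they protect, so a passing result here complements, and does not replace, the separate disk-image backups recommended in item 6.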