Category: Security

CryptoLocker Software Restriction Policies

Identification of CryptoLocker

Location of CryptoLocker binaries:
  %AppData%\<random>.exe
  %LocalAppData%\<random>.exe

If the malware has executed, one or more of the following registry keys will be present:
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run CryptoLocker
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run CryptoLocker_<version>
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce *CryptoLocker
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run <Random> Containing CryptoLocker

Stop the binaries from executing by...