CryptoLocker is a nasty beast of a bug causing all manner of havoc. If it's done nothing else, one positive impact it has had on IT is that we're making sure our backups aren't being ignored.
One of the hardest parts still, though, is finding what got hit, and who got hit, and in a timely enough manner to minimize the damage done. Part of that problem is that there is no scanner that can definitively detect CryptoLocker encrypted files, specifically because they just look like any encrypted file; there is no virus fingerprint to be had.
So, how to scan for its fingerprints proactively? It seemed like a nearly impossible task (I'm no malware expert, so figuring out how to detect something like this isn't my forte). When I started digging in to the problem, though, I did learn a few key pieces to the puzzle.
Read More