
How to block CrypVault ransomware via Group Policy

This was sent to me by a fellow MVP and I thought some of you might be interested in it.

Ransomware is malware that restricts access to a computer and forces the user to pay a ransom to remove the restriction. One variant of ransomware called CrypVault uses the free GnuPG tool (gpg.exe) to encrypt your files. Normally, this tool and an associated library file will be copied to the user’s %temp% folder.

The malware next executes GnuPG, which starts the encryption process. It will generate an RSA-1024 public and private key pair used in the encryption of the files to which the user has access. It looks for specific files like Microsoft Office files, *.zip, *.pdf, *.mdb, *.jpg, and other known file types that will be saved to file shares.

The encrypted files will be renamed to *.vault, and files containing instructions to pay to decrypt the files will be placed on the Desktop and the file shares. To prevent encryption, you can block the .exe files of GnuPG by using a Group Policy Object (GPO). 
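A detection-side complement to the GPO block, as an added example that is not part of the original post: it triages endpoint events for the two behaviours described above, gpg.exe running from a Temp folder and files renamed to *.vault. The event fields, host names and paths are constructed assumptions, not a real log schema.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample events (not real telemetry). The "host", "kind" and
# "path" fields are assumptions standing in for process-creation and
# file-rename audit records.
SAMPLE_EVENTS = [
    {"host": "WS01", "kind": "process", "path": r"C:\Users\alice\AppData\Local\Temp\gpg.exe"},
    {"host": "WS01", "kind": "rename", "path": r"\\fs01\finance\budget.xlsx.vault"},
    {"host": "WS01", "kind": "rename", "path": r"\\fs01\finance\scan.pdf.VAULT"},
    {"host": "WS02", "kind": "process", "path": r"C:\Program Files (x86)\GnuPG\bin\gpg.exe"},
    {"host": "WS03", "kind": "rename", "path": r"C:\Users\bob\Documents\notes.vault"},
]

TEMP_DIRS = {"temp", "tmp"}


def gpg_in_temp(path):
    """True when gpg.exe sits under a folder named Temp/Tmp (case-insensitive)."""
    p = PureWindowsPath(path)
    parents = {part.lower() for part in p.parts[:-1]}
    return p.name.lower() == "gpg.exe" and bool(parents & TEMP_DIRS)


def is_vault_rename(path):
    """True when the new file name ends in .vault, on local or UNC paths."""
    return PureWindowsPath(path).suffix.lower() == ".vault"


def triage(events):
    """Count both indicators per host and grade the combination."""
    counts = defaultdict(lambda: {"gpg_temp": 0, "vault": 0})
    for ev in events:
        c = counts[ev["host"]]
        if ev["kind"] == "process" and gpg_in_temp(ev["path"]):
            c["gpg_temp"] += 1
        elif ev["kind"] == "rename" and is_vault_rename(ev["path"]):
            c["vault"] += 1
    report = {}
    for host, c in counts.items():
        if c["gpg_temp"] and c["vault"]:
            level = "high"      # both behaviours on one host
        elif c["gpg_temp"] or c["vault"]:
            level = "review"    # a single indicator needs a human look
        else:
            level = "none"      # e.g. gpg.exe outside a Temp folder
        report[host] = {**c, "level": level}
    return report
```

Only the combination of both indicators on one host is graded high; a lone .vault file or a gpg.exe outside a Temp folder is left for review or ignored.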


Da Boss!

Website: www.digitalsmind.com
