How to block CrypVault ransomware via Group Policy

This was sent to me by a fellow MVP and I thought some of you might be interested in it.

Ransomware is malware that restricts access to a computer and forces the user to pay a ransom to remove the restriction. One variant of ransomware called CrypVault uses the free GnuPG tool (gpg.exe) to encrypt your files. Normally, this tool and an associated library file will be copied to the user’s %temp% folder.

The malware next executes GnuPG, which starts the encryption process. It will generate an RSA-1024 public and private key pair used in the encryption of the files to which the user has access. It looks for specific files like Microsoft Office files, *.zip, *.pdf, *.mdb, *.jpg, and other known file types that will be saved to file shares.

The encrypted files will be renamed to *.vault, and files containing instructions to pay to decrypt the files will be placed on the Desktop and the file shares. To prevent encryption, you can block the .exe files of GnuPG by using a Group Policy Object (GPO). 
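The behaviours described above (gpg.exe running out of a temp folder, and files reappearing with a .vault extension) can also be checked for in endpoint telemetry alongside the GPO block. The following is an added example, not part of the original post; the event field names, the sample events and the threshold of three files are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# %temp% normally expands to the per-user form; the system temp folder is included too.
TEMP_DIR = re.compile(r"^[a-z]:\\(users\\[^\\]+\\appdata\\local\\temp|windows\\temp)\\")
GPG_NAMES = {"gpg.exe"}   # the GnuPG executable named in the article
VAULT_THRESHOLD = 3       # assumed: this many *.vault files on one host raises a finding

def norm(path):
    """Normalise a Windows path: backslashes, no '..' segments, lower case."""
    return ntpath.normpath(path.replace("/", "\\")).lower()

def triage(events):
    """Return {host: sorted findings} for gpg.exe run from temp and *.vault bursts."""
    findings = defaultdict(set)
    vault_count = defaultdict(int)
    for ev in events:
        path = norm(ev["path"])
        if ev["type"] == "process_create":
            if ntpath.basename(path) in GPG_NAMES and TEMP_DIR.match(path):
                findings[ev["host"]].add("gpg_from_temp")
        elif ev["type"] == "file_create" and path.endswith(".vault"):
            vault_count[ev["host"]] += 1
            if vault_count[ev["host"]] >= VAULT_THRESHOLD:
                findings[ev["host"]].add("vault_rename_burst")
    return {host: sorted(f) for host, f in findings.items()}

# Constructed sample events (not real telemetry); field names are assumptions.
SAMPLE_EVENTS = [
    {"host": "PC-01", "type": "process_create",
     "path": r"C:\Users\alice\AppData\Local\Temp\gpg.exe"},
    {"host": "PC-01", "type": "file_create", "path": r"\\fs01\finance\q3.xlsx.vault"},
    {"host": "PC-01", "type": "file_create", "path": r"\\fs01\finance\plan.docx.vault"},
    {"host": "PC-01", "type": "file_create", "path": r"C:\Users\alice\Desktop\photo.jpg.VAULT"},
    # Installed GnuPG outside temp: not flagged.
    {"host": "PC-02", "type": "process_create",
     "path": r"C:\Program Files (x86)\GnuPG\bin\gpg.exe"},
    # 8.3 short user name and a '..' segment still resolve into temp.
    {"host": "PC-03", "type": "process_create",
     "path": r"C:\Users\BOB~1\AppData\Local\Temp\x\..\GPG.EXE"},
]

if __name__ == "__main__":
    for host, found in triage(SAMPLE_EVENTS).items():
        print(host, found)
```

A legitimately installed GnuPG under Program Files is left alone, which is the same distinction a path-based block on the temp folder relies on.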


Da Boss!

Website: www.digitalsmind.com
