4. Intrusion Prevention Systems, Next-Generation Firewalls
Intrusion prevention systems can block the communications sent from a Cryptolocker-infected system to the remote command-and-control server, where the malware retrieves the key it uses to encrypt the files. Blocking those communications can prevent the encryption from taking place. Security firms have figured out the Cryptolocker algorithm that produces about 1,000 unique domain names every day, said Malwarebytes' Segura.
By monitoring the domains to determine the IP addresses attempting to connect to them, security researchers have determined that the U.S. and U.K. are the most affected countries, followed by India, Canada and Australia. Researchers at Kaspersky Lab said the threat gives infected systems three days to pay for the key to unlock the encrypted files. Both next-generation firewall appliances and intrusion prevention systems have the ability to provide this kind of protection, say solution providers.
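The sketch below is an added example, not code from the article or from any vendor it quotes. It shows how a defender could use a daily list of algorithm-generated domains to find internal hosts that look them up. The feed contents, log format and function names are assumptions constructed for illustration, and the NXDOMAIN-burst check goes beyond the text to cover generated names a feed might miss.

```python
from collections import defaultdict

# Constructed one-day feed of generated names (not real Cryptolocker domains).
DGA_FEED_TODAY = {"xkqjwpahtrbd.example", "lmvoqzntfyuc.example", "qpwzrtkdhsga.example"}

# Constructed resolver log: timestamp, client IP, queried name, response code.
SAMPLE_LOG = """\
2013-11-05T09:00:01Z 10.0.0.23 XKQJWPAHTRBD.example. NXDOMAIN
2013-11-05T09:00:02Z 10.0.0.23 lmvoqzntfyuc.example NXDOMAIN
2013-11-05T09:00:04Z 10.0.0.23 qpwzrtkdhsga.example NOERROR
2013-11-05T09:00:05Z 10.0.0.41 intranet.corp.example NOERROR
2013-11-05T09:00:06Z 10.0.0.57 hbvtyqmzlwke.example NXDOMAIN
2013-11-05T09:00:07Z 10.0.0.57 wdnfoxjrpcsu.example NXDOMAIN
2013-11-05T09:00:08Z 10.0.0.57 tzgyaelkqmvb.example NXDOMAIN
2013-11-05T09:00:09Z 10.0.0.41 typo-domian.example NXDOMAIN
malformed line
"""

def parse_line(line):
    """Split one log line; return None for anything malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    _, client, name, rcode = parts
    # DNS names are case-insensitive and may carry a trailing root dot.
    return client, name.rstrip(".").lower(), rcode.upper()

def triage(log_text, feed, nx_threshold=3):
    """Map each suspicious client IP to a verdict string."""
    hits, resolved, nx = defaultdict(set), defaultdict(set), defaultdict(set)
    for client, name, rcode in filter(None, map(parse_line, log_text.splitlines())):
        if name in feed:
            hits[client].add(name)
            if rcode == "NOERROR":
                resolved[client].add(name)  # a registered feed name was resolved
        elif rcode == "NXDOMAIN":
            nx[client].add(name)            # possible generated name missing from feed
    verdicts = {}
    for client in set(hits) | set(nx):
        if resolved[client]:
            verdicts[client] = "isolate: resolved " + ", ".join(sorted(resolved[client]))
        elif hits[client]:
            verdicts[client] = "investigate: queried %d feed domains" % len(hits[client])
        elif len(nx[client]) >= nx_threshold:
            verdicts[client] = "investigate: %d distinct NXDOMAIN names" % len(nx[client])
    return verdicts

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, DGA_FEED_TODAY))
```

A host that resolved a feed domain is the priority, because a successful lookup is the step before the key retrieval that blocking is meant to prevent.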