Originally Posted by feniks
That sounds good enough; the question is how many safe programs will be locked out from starting once that policy is in place ... most of them store only settings in appdata ... but I wonder how many vendors put executables in there too ...
Also, pretty sure the next revision of the trojan will randomly place its malware in some other subfolder instead of appdata/roaming ...
Most well coded virii are polymorphic or metamorphic, completely thwarting any form of detection or heuristics, as well as injecting the malware into critical DLLs or system functions. These are the ones that are rarely found, although once you start extorting someone, they know it's there and will not stop until it's found, but if it's coded well enough, it will not be possible to recover your data.
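Before turning on a rule that blocks execution from AppData, it helps to know what is actually there. The following is an added example, not code from anyone in this thread: a PowerShell audit that inventories .exe and .dll files under each user's AppData\Roaming and AppData\Local and groups them by code-signing publisher, so the legitimate vendors feniks is worried about can be allow-listed up front. It assumes the standard C:\Users profile layout and enough rights to read other users' profiles.

```powershell
# Added example: inventory executables under each user's AppData so you can see
# what a "block execution from AppData" policy would hit before enabling it.
# Assumes the default C:\Users profile root and read access to every profile.
$profiles = Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue

$results = foreach ($p in $profiles) {
    foreach ($sub in 'AppData\Roaming', 'AppData\Local') {
        $root = Join-Path $p.FullName $sub
        if (-not (Test-Path $root)) { continue }

        Get-ChildItem -Path $root -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                # Authenticode signature tells you who shipped the binary (if anyone did)
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{
                    User      = $p.Name
                    Path      = $_.FullName
                    Publisher = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
                    Status    = $sig.Status   # Valid, NotSigned, HashMismatch, ...
                }
            }
    }
}

# Summary: binaries per publisher. Unsigned entries are the ones to review by hand,
# since a path-based rule cannot tell a vendor updater from a dropped payload.
$results | Group-Object Publisher | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Full list, useful as the starting point for allow-list exceptions
$results | Export-Csv -Path "$env:TEMP\appdata-executables.csv" -NoTypeInformation
```

Run it on a representative set of machines rather than one; the vendor mix differs enough between departments that a single host will understate what the policy breaks.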
Originally Posted by zooterboy
The weakness for this ransomware would be an effective firewall so that it couldn't contact its servers. I'm sure I'll be working on this stuff soon.
Contacting its servers means nothing. Once you're infected, you haven't done your job and you're too far gone, IF it's coded well enough...
Most recent adaptations use peer-to-peer hosting, effectively making the other PCs on your network that are infected its servers. Regardless, who cares if you do manage to break its contact with its server network? It's still on your system, and unless you comply with the demands, you have a slim chance of recovering your data. If coded correctly, something like this can be a nightmare. All it needs to do is encrypt all of your files with a decent modern algorithm, and it doesn't matter if you break its server contact, your files are inaccessible.