Cryptolocker Prevention Kit 27

Post to Twitter Post to Facebook Post to StumbleUpon

This content has been updated since the original publication. You can find all of our updated protection techniques in our Ransomware Prevention Kit.

The SMBKitchen Crew and Third Tier staff have put together a group materials that were published as part of our SMBKitchen Project and only available to subscribers. However because this virus is spreading so rapidly and is so serious we’ve decided to make these materials available to everyone.

The kit includes an article on cleaning up after infection but more importantly provides materials and instruction for deploying preventative block using software restriction policies. The articles provide instruction for installing them via GPO on domain computers and terminal servers, and non-domain joined machines too. We have also provide GPO settings that you can important into your environment.

We’ve zipped it up into a single file. Download it now

If you find this kind of material useful considering joining the SMBKitchen Project. You can find out more about us at

UPDATE: There have been two recent updates to the kit. These are found on our blog. Please be sure that you subscribe to our blog for continued information on this topic. and All future updates will be posted to our blog and this post may not be updated.

I can’t tell you how much time and money I’ve wasted on explaining my business to CPA’s. I recommend you don’t do that and instead hire Rayanne to Tech Your Books. She can solve problems and get your books setup so you can make money. She’s an MCSE and an Accounting professional. A rare combination that means she can Tech Your Books.

Leave a comment

Your email address will not be published. Required fields are marked *

This blog is kept spam free by WP-SpamFree.

27 thoughts on “Cryptolocker Prevention Kit

  • Pingback: CryptoLocker: A Non-Technical Overview | Second Star Technologies

  • Pingback: Week of October 28: GA of Windows Server/System Center (and getting started) and new RDP clients for iOS, Android, and OSX - Server and Cloud Partner and Customer Solutions Team Blog - Site Home - TechNet Blogs

  • Pingback: Ransomware: Hello Critroni and Goodbye Cryptolocker « Calyptix Security Calyptix Security

  • Pingback: How to Move Computers in and out of a Group Policy |

  • Pingback: Exempting a Program from Software Restriction Policies |

  • frank clay

    Thanks for the kit, it saves a bit of time, however it would be nice if you could remove the shortcut from the policy – computer/pref/windows/shortcuts..thanks

  • Gabe

    If it’s good enough for SBS Diva, Susan Bradley, it’s good enough for me …

    “For those comfortable with Windows’ Group Policy and who have a domain controller on their network, Third Tier’s Cryptolocker Prevention Kit includes temp file–location blocking that works across networks. I use it in my own firm and help put together CryptoLocker-resistant group policies.”

    • Third Tier

      Thanks for the link, Gabe. There are many updates to this too. Search for crypto in our blog for all of our recommendations and how-to’s on blocking these nasty ransomware

  • Michael

    Ok, so what gives with blocking say %AppData%\*.exe

    Reading the docs here

    It sounds like it should block for all subfolders as well….. but on my Windows 7 box it does not.

    If I add the additional

    Path: %AppData%\*\*.exe then it blocks one subfolder but thats it??

    P.s. I think there is a typo in the guide it has

    Path: %lAppData%\*\*.exe with an ‘I’ in front of the AppData

  • Michael

    Looks like you really want to just use


    This will block all sub folders as well as block all designated file types

    • Third Tier

      Jack – The invitations get sent at the end of each day in batch. If you don’t find it please check spam. It is a OneDrive sharing invitation. – Amy

  • Vincent

    (We have also provide GPO settings that you can important into your environment.)
    I think you meant to type Import not important into your environment

    • Third Tier

      Gary – please go to and open a ticket including you paypal email address. I send the kits every night. I can resend yours.


        Sorry for being late responding. They got back to me after I submitted a ticket and they resent the email to me and I got the information. Thanks ! Gary.

  • Ozgur ASLAN

    Hello there,
    I would like to get your Ransomware Prevention Kit, but I cannot make a donation as PayPal activities are stopped here in Turkey.
    Can you show me a way to get the kit?