Cryptolocker Prevention Script Available

This content has been updated since the original publication. You can find all of our updated protection techniques in our Ransomware Prevention Kit.

Reader Mitchell Milligan has created a script to automate the deployment of the Cryptolocker Prevention group policies. Note that Mitchell’s script links the policies at the root of the domain rather than at the OU level, which means they will be applied to ALL machines in the domain. Often this will be fine, but if not, you may want to deploy the policies individually to the OUs you want.

Mitchell says:

I built a PowerShell script to create/import/link to domain root for these policies. This automates the process of having to manually create and import these policies. We have decided to just place these restrictions on the entire domain, rather than a specific OU, so this script serves that purpose.

Mitchell requests: The terms I request with the script are that anyone who uses it may do so for free, however they may not modify the contents of the package and then sell it to others. Some info about the script: the script requires PowerShell v3 in its current state and contains a Readme file with specifics on what the script does.

Click here to download the script.

Be sure to read everything that we’ve published about these Crypto viruses. Read all about it. They are very common and devastating. Test this script and our policies yourself in a test environment before you deploy to your clients. Be safe!
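If domain-wide scope is too broad, the links the script creates at the domain root can be moved to specific OUs afterwards. The following is an added example, not part of Mitchell's script or the kit; the function name `Move-GpoLinkToOu`, the GPO name filter and the OU path are placeholders, and it assumes the GroupPolicy and ActiveDirectory RSAT modules are installed.

```powershell
#Requires -Modules GroupPolicy, ActiveDirectory
# Added example. The GPO name filter and OU path are placeholders (assumptions),
# not names taken from the script or the kit.
function Move-GpoLinkToOu {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string]   $GpoNameFilter,  # wildcard on GPO display name
        [Parameter(Mandatory)] [string[]] $TargetOu        # OU distinguished names
    )

    $domainDn = (Get-ADDomain).DistinguishedName

    # GPOs currently linked at the domain root whose display name matches the filter
    $rootLinks = (Get-GPInheritance -Target $domainDn).GpoLinks |
        Where-Object { $_.DisplayName -like $GpoNameFilter }

    foreach ($link in $rootLinks) {
        foreach ($ou in $TargetOu) {
            # Skip OUs that already carry a link to this GPO
            $already = (Get-GPInheritance -Target $ou).GpoLinks |
                Where-Object { $_.GpoId -eq $link.GpoId }
            if (-not $already -and
                $PSCmdlet.ShouldProcess($ou, "Link '$($link.DisplayName)'")) {
                New-GPLink -Guid $link.GpoId -Target $ou -LinkEnabled Yes | Out-Null
            }
        }
        # Remove the root link only after the OU links exist, so machines in the
        # target OUs never lose the policy during the change
        if ($PSCmdlet.ShouldProcess($domainDn, "Unlink '$($link.DisplayName)'")) {
            Remove-GPLink -Guid $link.GpoId -Target $domainDn | Out-Null
        }
    }
}

# Dry run: -WhatIf reports what would be linked and unlinked without changing anything
Move-GpoLinkToOu -GpoNameFilter 'PLACEHOLDER-GPO-NAME*' `
    -TargetOu 'OU=Workstations,DC=example,DC=com' -WhatIf
```

Machines outside the listed OUs lose the policy once the root link is removed, so review the `-WhatIf` output against your OU layout before running it for real.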


Not a Third Tier customer yet? Let me introduce:  We’re Third Tier. We provide advanced Third Tier support for IT Professionals and MicroStaffing for IT consulting firms. Come on over, create an account (no charge) and follow our social media locations.


9 thoughts on “Cryptolocker Prevention Script Available”

  • Scott

    I have deployed this to many of my customers and am starting to find some issues when trying to install Office 2013. I have not had time to look at what files/folders need to be excluded, is there a known list of files/folders for Office installs? For time's sake I just disable the policy during installs.

    If not, I will review event logs to determine exclusions.


    • Third Tier Post author

      In the kit you will find a document on software restriction policy exclusions. There is an example of how to exclude Microsoft Office.

  • Mitchell Milligan

    Hello Everyone,
    Mitchell here again. I am very happy this script is helping many users out. As the ThirdTier commenter said, you can add exclusions. Additionally, since it simply creates a link enabled to the GPO, you can apply this to any sub-OU by simply removing the link from the root of the domain and then adding a link to the OU you wish to enable it on. Additionally, we have created an OU that this script does not apply on so that when we do modifications to systems we can temporarily move that device to the “Whitelisted” OU and conduct whatever operations are needed rather than disabling it domain wide, risking allowing a potentially dormant virus to kick off. If you have any questions on this, please feel free to contact me to discuss further. milligan (dot) mitchell (at) gmail (dot) com and I would be happy to elaborate on it or discuss specific implementations. I am so tired of these viruses that I am trying to do my part to help destroy and negate the effects of this terrible virus. My last disclaimer/note is that just because of these prevention techniques, it is still ABSOLUTELY CRITICAL to have good backups of your system. When you get hit by one of these viruses, it is typically only possible to restore from backups or risk getting infected from a damaged file, so make sure you have solid historical backups.

  • Jamie Godsey

    I made a donation and I haven’t received the ransomware kit.
    When will I expect to receive it? Or how do I download it?


    • Third Tier Post author

      Jamie. It arrives as a OneDrive invitation from an email address. It would have been delivered to your PayPal email address and often lands in spam. You can always email or open a ticket with us if you can’t find it and it will be resent. Please include the email address from which you donated or the PayPal receipt so we can verify.