Cryptolocker Prevention Kit updates 17

Post to Twitter Post to Facebook Post to StumbleUpon

This content has been updated since the original publication. You can find all of our updated protection techniques in our Ransomware Prevention Kit.

The Cryptolocker Prevention Kit has been updated with additional information. If you have downloaded the kit previously you need to obtain the NewCryptolockerWarning doc and the Ways to Add Exemptions doc to update your kit.

In these documents Susan Bradley has added new information about additional methods to block it and explains the why and how of the “tell” that I used in the GPO and also summarizes the blog posts that we’ve made on how to exempt your frequently reinstalled apps or those that MUST run from the blocked location from your policies.

We hope that you find this information useful and thanks for your continued feedback and support of the SMBKitchen Project!

If you find this kind of material useful considering joining the SMBKitchen Project. You can find out more about us at

I can’t tell you how much time and money I’ve wasted on explaining my business to CPA’s. I recommend you don’t do that and instead hire Rayanne to Tech Your Books. She can solve problems and get your books setup so you can make money. She’s an MCSE and an Accounting professional. A rare combination that means she can Tech Your Books.

Leave a comment

Your email address will not be published. Required fields are marked *

This blog is kept spam free by WP-SpamFree.

17 thoughts on “Cryptolocker Prevention Kit updates

  • Irshad Khan


    One of our clients got infected by cryptowall but fortunately they had a solid backup plan.

    I noticed that the malware placed a randomly named exe file in %UserProfile%\Application Data\.
    Perhaps you could update your excellent cryptolocker prevention kit to include this path in restrictions because %localAppData%\ only protects “C:\Users\Me\AppData\Local” and NOT the root “C:\Users\Me\AppData”.

    Kind regards.

    • Third Tier

      The URL needs to be updated. We are in a middle spot with our migration to new infrastructure. Remove the WWW from the URL and it will work as expected. Sorry for the trouble

  • Mitchell Milligan

    I built a powershell script to create/import/link to domain root for these policies. This automates the process of having to manually create and import these policies. We have decided to just place these restrictions on the entire domain, rather than a specific OU, so this script serves that purpose. If anyone is interested in this script, please let me know via email: milligan(dot)mitchell(at)gmail(dot)com.

    • Third Tier

      Thanks for the sharing offer Mitchell. I’m sure the community will appreciate it. If you like to share with us, I will promote it in a primary blog post and make it available for download rather than down here in a comment for you.

    • Mitchell Milligan

      I have sent the link to the installer to Amy as indicated, and hopefully this will be posted for the public use. If you still can’t find it, or if you have any questions, please let me know.

  • Pingback: Secuestrando tu Intimidad…

  • Pingback: Cryptolocker Prevention Kit... - Small Office Systems LLC

  • Pingback: Comment supprimer CryptoLocker Ransomware , rançongiciel ? ← Dico Micro

  • Pingback: CryptoLocker Prevention: Top 12 Defenses Against Business Loss | Streamline

    • Third Tier

      Bruno – gmail almost always puts the email into spam. Please have a look there. Also be sure hat you are looking in the email account for the paypal account from which up donated since that is the only address I have for you.

  • Daneil

    I never received the kit, can you re-send it to me? I have a gmail account but I checked the spam folder and dont see anything in there for the kit.

    • Third Tier

      Yes email me direct with the address from which you donated and I’ll put on tonights list. You may also want to just log into onedrive using the paypal address that you donated from and you should see the kit there waiting for you.

  • Ted

    Unable to afford a donation…
    Getting held for ransom, trying to learn about avoiding getting held for ransom.
    All this while getting held for Ransom…