You only need CryptoLocker samples, see above. Also, Hitman Pro has a tool, as does BitDefender; both are very effective. FoolishIT also has one called CryptoPrevent. Use one of those.
I have been testing, in a sandbox that I created, the samples of just CryptoLocker to test Kaseya MB and AV; both do not detect it. AV will if it's just CryptoLocker, which is good, but the ones we see have a rootkit attached, as 1 user just received this PC with a fresh install of our image 4 days prior to infection. I have tested the FoolishIT tool and it does work, but I am still testing; the client is too stubborn to allow us to do a GPO to help with the issue.
MBAM works fine for us and is usually quick to update if you find that they do not catch the infection. You may also elect to submit said sample so that they can add the rules in.
We are working with both MBAM and Kaseya to give us answers. As stated before, CL by itself AV will detect and stop, and the free version of MBAM will stop it as well, but our MBAM Pro 1.50 does not detect it at all. So I have been submitting samples of any variant I can get my hands on to provide them data to help us out.
Given, there are good preventive measures and tools like FoolishIT, but the client just takes our plan of action and puts it aside and wants Kaseya AV and MBAM Pro from them to be the tools to correct the issue. Pretty much beating my head against the wall since this client won't take any real action to stop it, but oh well, still researching and gathering information to help others at least.