
Are there any ways to prevent files associated with CryptoLocker from being propagated to a data server by means of a backup?

We use Cobian as our backup system, and it backs up the user's directory to a separate drive on the server. I have found some traces of CL on the backup drive, and subsequently deleted them the moment they were detected.

I usually isolate the computer from the network and run intensive anti-malware (Malwarebytes) and anti-spyware (AVG / Windows Defender) scans. I also delete any executable files from %AppData%.

What are some guidelines to keep in mind?

We run Windows SBS 2011 and the PCs are not connected via a domain, only via workgroups. However, everyone accesses the server in some way by means of an Active Directory username.

Is there a way to block associated CL files from being copied to the server?

techraf
Johan Brink
  • If you're dealing with CTB-Locker / not CryptoLocker: https://superuser.com/a/887895/392284 you may be able to identify files by the addition of a random 7-character extension; I believe it also drops certain indicator files which could be a pivot (if a late one) for backups and IR. Is this type of file you're finding associated? – ǝɲǝɲbρɯͽ May 10 '15 at 17:11

1 Answer


This is an old piece of malware. Though technology isn't a panacea, if you're having this problem it seems like your technical protection needs an update.

If updated, I feel like offering that if it were easy to do this at a server it would already be implemented at the workstations: To identify files associated with CryptoLocker you need a signature, and if you have a signature you have an antivirus scanner. In this loop, the better your AV process is the fewer files (by signature) you'll get/keep on your server.

You can improve this by moving towards IOC-based systems, but that changes the game since you're in front of the signature vendors.

To keep CryptoLocked files off your server, scanners exist to help identify them at this question.

ǝɲǝɲbρɯͽ
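The answer's point that identification needs either a vendor signature or your own indicators is worth making concrete. Below is an added example, not part of the original question, answer, or Cobian: a small IOC-based pre-backup check that walks the source tree and refuses the backup if it finds ransomware-style artefacts, so an encrypted user directory does not overwrite the last good copy on the server. Three indicators are used: a ransom-note filename, a document whose original extension is still visible under an appended random 7-character suffix (the CTB-Locker pattern mentioned in the comment on the question), and a file of a normally low-entropy type (.txt, .csv, .doc, .xls, ...) whose bytes look like ciphertext. The ransom-note names, the 7.5 bits/byte threshold and the sample files are constructed placeholders for illustration, not verified signatures; replace the indicator lists with what you actually see on the infected machines.

```python
"""Pre-backup IOC scan: refuse to copy a source tree that looks ransomware-touched.

Added example, not from the original post or from Cobian. Indicator names below
are constructed placeholders, not verified CryptoLocker / CTB-Locker signatures.
"""
import math
import os
import random
import re
import tempfile
from collections import Counter
from typing import List, Optional, Tuple

# ASSUMPTION: placeholder ransom-note filenames; replace with the names seen on
# the infected machines (compared case-insensitively).
RANSOM_NOTE_NAMES = {"how_to_decrypt.txt", "decrypt_instructions.html"}

# File types whose normal content is far from random; for these, a high byte
# entropy is a strong sign the content has been encrypted in place.
LOW_ENTROPY_TYPES = {".txt", ".csv", ".log", ".rtf", ".doc", ".xls"}

# Document types that ransomware targets; used for the appended-suffix check.
DOC_TYPES = LOW_ENTROPY_TYPES | {".docx", ".xlsx", ".pptx", ".pdf", ".jpg"}

# Random 7-character suffix appended after the original extension,
# e.g. report.docx.kq3z8wp (pattern described in the comment on the question).
RANDOM_SUFFIX = re.compile(r"^\.[a-z0-9]{7}$", re.IGNORECASE)

ENTROPY_THRESHOLD = 7.5   # bits/byte; English text is ~4-5, ciphertext ~7.9-8.0 (heuristic)
SAMPLE_BYTES = 4096       # only the head of each file is read


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(path: str) -> Optional[str]:
    """Return a reason string if `path` matches an indicator, else None."""
    name = os.path.basename(path).lower()
    if name in RANSOM_NOTE_NAMES:
        return "ransom note filename"
    stem, ext = os.path.splitext(name)
    if RANDOM_SUFFIX.match(ext) and os.path.splitext(stem)[1] in DOC_TYPES:
        return "document with appended random extension"
    if ext in LOW_ENTROPY_TYPES:
        with open(path, "rb") as fh:
            head = fh.read(SAMPLE_BYTES)
        if len(head) >= 512:                      # too little data gives noisy entropy
            ent = shannon_entropy(head)
            if ent > ENTROPY_THRESHOLD:
                return f"high entropy ({ent:.2f} bits/byte) for a {ext} file"
    return None


def scan_tree(root: str) -> List[Tuple[str, str]]:
    """Walk `root`; return sorted (relative path, reason) pairs for suspicious files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reason = classify(full)
            if reason:
                hits.append((os.path.relpath(full, root).replace(os.sep, "/"), reason))
    return sorted(hits)


def backup_allowed(root: str) -> bool:
    """Gate for the backup job: True only when the scan finds nothing."""
    return not scan_tree(root)


def build_sample_tree(root: str) -> None:
    """Constructed sample: one clean text file plus three ransomware-style artefacts."""
    os.makedirs(os.path.join(root, "docs"), exist_ok=True)
    with open(os.path.join(root, "docs", "notes.txt"), "wb") as fh:
        fh.write(b"Quarterly report: revenue was flat, costs rose slightly. " * 80)
    rng = random.Random(1)                        # deterministic stand-in for ciphertext
    with open(os.path.join(root, "docs", "ledger.txt"), "wb") as fh:
        fh.write(bytes(rng.getrandbits(8) for _ in range(SAMPLE_BYTES)))
    with open(os.path.join(root, "docs", "report.docx.kq3z8wp"), "wb") as fh:
        fh.write(b"PK\x03\x04 placeholder")       # the name pattern is what triggers here
    with open(os.path.join(root, "HOW_TO_DECRYPT.txt"), "wb") as fh:
        fh.write(b"your files were encrypted")


def demo() -> List[Tuple[str, str]]:
    """Build the constructed sample in a temp dir, scan it, and return the hits."""
    root = tempfile.mkdtemp(prefix="precheck-")
    build_sample_tree(root)
    return scan_tree(root)


if __name__ == "__main__":
    for rel, why in demo():
        print(f"{rel}: {why}")
```

Run it against the real source directory before the copy job starts (as a pre-backup step, if your backup tool can run one) and abort on a non-empty result. Treat hits as something to look at, not something to delete: the suffix and entropy checks are heuristics and will occasionally flag legitimate files such as a compressed archive renamed with a seven-character suffix.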