How does Hyper-Threading work?

This is very well explained in the following video:

A way to stop Cryptolocker

____ Install File Server Resource Manager ____

2003R2: Control Panel > Add or Remove Programs > Add/Remove Windows Components
> Windows Components Wizard > Management and Monitoring Tools > Details > File Server Resource Manager

2008(R2): Server Manager > Roles > Add Roles > Add Roles Wizard > Server Roles
> File Services > Role Services > File Server Resource Manager

2012(R2): Server Manager > Manage > Add Roles and Features > Add Roles and Features Wizard > Server Roles
> File and Storage Services > File and iSCSI Services > File Server Resource Manager

____ Server-side protection from further encryption ____

1) Open File Server Resource Manager (Start > Run > fsrm.msc)

2) File Screening Management > File Groups > Create File Group…
File group name: 1-PreventCrypto
Files to include:

Note: After creating the file group, update the entire list easily by running “C:\Windows\1-PreventCrypto-FileGroupUpdate.bat”
See comments within the batch file for usage help.

Note: You can automatically update your file group with the one provided by this website by running “C:\FSRMUPDT\get-fsrmupdt.bat” as a daily scheduled task.
See comments within the batch file for usage help.

*.aaa
*.crjoker
*.cryptotorlocker*
*.ecc
*.encrypted
*.exx
*.ezz
*.frtrss
*.hydracrypt_ID*
*.locky
*.micro
*.r5a
*.ttt
*.vault
*.vvv
*.xxx
*gmail*.crypt
*recover_instruction*.*
*restore_fi*.*
*want your files back.*
confirmation.key
cryptolocker.*
decrypt_instruct*.*
enc_files.txt
help_decrypt*.*
help_recover*.*
help_restore*.*
help_your_file*.*
how to decrypt*.*
how_recover*.*
how_to_decrypt*.*
how_to_recover*.*
howto_restore*.*
howtodecrypt*.*
install_tor*.*
last_chance.txt
message.txt
readme_decrypt*.*
readme_for_decrypt*.*
recovery_file.txt
recovery_key.txt
vault.hta
vault.key
vault.txt
your_files.url
recovery+*.*
*.cerber
*decrypt my file*.*
help_file_*.*
*.coverton
*warning-!!*.*
*+recover+*.*
*_recover_*.*
*rec0ver*.*
_help_instruct*.*
*recover}-*.*
*!recover!*.*
*-recover-*.*
de_crypt_readme.*
*.crypt
help_instructions.*
*decryptmyfiles*.*
decrypt-instruct*.*
*files_are_encrypted.*
*.cryp1
*.rsnslocked
*.zcrypt
*.silent
*.crypz
*.encrypt

FAQ: Why is this list smaller than others offered on the web?
A: Only files known to reach network shares are added here since that’s all FSRM will see. Files dropped/left locally on the infected machine are not added to this list.

3) File Screening Management > File Screen Templates > Create File Screen Template…

Settings tab
Template name: 1-PreventCrypto
Screening type: Passive screening
File groups: Check “1-PreventCrypto”

E-mail Message tab
Subject: Unauthorized file from the [Violated File Group] file group detected
Body:
User [Source Io Owner]
Saved [Source File Path] to [File Screen Path]
On server: [Server]
This file is in the [Violated File Group] file group in FSRM, which generated this alert.
A batch was run to remove all server shares until corrective action is taken.

Event Log tab
Check “Send warning to event log”

Command tab
Check “Run this command or script”
Browse… C:\Windows\1-PreventCrypto.bat
NOTE: you must edit this .bat to include the names of all your shares
Select radio button: “Local System”

4) File Screening Management > File Screens > Create File Screen…
File screen path: C:\ (or just the drive/folder containing shares)
Select radio button: “Derive properties from this file screen template (recommended)”
Select from dropdown: “1-PreventCrypto”

5) File Server Resource Manager (Local) > right-click: Configure options…
Email Notifications tab
Set SMTP server name (use an SMTP relay if you don’t have a mail server on-site)
Set Default administrator (see how to)
Notification Limits tab
Set all to 2 minutes
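
Steps 2 to 5 can also be scripted on 2012(R2) with the FileServerResourceManager PowerShell module (the cmdlets are not available on 2003R2/2008). This is an added example, not one of the batch files mentioned above; the SMTP server, the e-mail addresses and the shortened pattern list are placeholders to replace with your own values and the full list from step 2.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules FileServerResourceManager

$name = '1-PreventCrypto'

# Constructed subset of the step 2 list; paste the full list here.
$patterns = @('*.locky', '*.cerber', '*.zcrypt',
              'help_decrypt*.*', 'how_to_recover*.*', 'vault.key')

# Step 5: SMTP settings and 2-minute notification limits (placeholder hosts/addresses).
Set-FsrmSetting -SmtpServer 'smtp.example.com' `
    -AdminEmailAddress 'admin@example.com' -FromEmailAddress 'fsrm@example.com' `
    -EmailNotificationLimit 2 -EventNotificationLimit 2 `
    -CommandNotificationLimit 2 -ReportNotificationLimit 2

# Step 2: file group holding the filename patterns.
New-FsrmFileGroup -Name $name -IncludePattern $patterns

# Step 3: the three notifications configured on the template tabs.
$subject = 'Unauthorized file from the [Violated File Group] file group detected'
$body = @'
User [Source Io Owner]
Saved [Source File Path] to [File Screen Path]
On server: [Server]
This file is in the [Violated File Group] file group in FSRM, which generated this alert.
A batch was run to remove all server shares until corrective action is taken.
'@

# [Admin Email] resolves to the default administrator recipients set above.
$mailAction = New-FsrmAction -Type Email -MailTo '[Admin Email]' `
    -Subject $subject -Body $body
$logAction  = New-FsrmAction -Type Event -EventType Warning -Body $body
# The .bat must already list your share names (see the NOTE in step 3).
$cmdAction  = New-FsrmAction -Type Command `
    -Command 'C:\Windows\1-PreventCrypto.bat' -SecurityLevel LocalSystem

# Omitting -Active creates a passive screen: the write is allowed, the actions fire.
New-FsrmFileScreenTemplate -Name $name -IncludeGroup $name `
    -Notification $mailAction, $logAction, $cmdAction

# Step 4: apply the template to the drive/folder containing the shares.
New-FsrmFileScreen -Path 'C:\' -Template $name

# Check the result: Active should be False (passive) and the group should be listed.
Get-FsrmFileScreen -Path 'C:\' | Select-Object Path, Active, IncludeGroup
```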