Solved

Cryptolocker - hitmanpro.alert

Posted on 2013-11-16
Last Modified: 2014-01-07
I am seeing a beta release of hitmanpro.alert

http://www.surfright.nl/en/alert

It claims to block CryptoLocker.

How effective is it?

Can it be rolled out across a small network (50 users, say)?

Will it protect a PC/server if the user opens an infected email, or is it just a web-browser-driven thing?

(I already know about using software restriction policies and CryptoPrevent, and many clients have a SonicWALL gateway, and I am seeing some claims that its IPS gateway security is effective at blocking this - any idea how true this is?)
Question by:cpmcomputers
LVL 65

Expert Comment

by:btan
ID: 39654169
You probably should take advice from this too:
http://www.us-cert.gov/ncas/alerts/TA13-309A

The bleepingcomputer link on the CryptoLocker Ransomware Information Guide and FAQ is useful:

How to prevent your computer from becoming infected by CryptoLocker
http://www.bleepingcomputer.com/virus-removal/CryptoLocker-ransomware-information#prevent
0
 
LVL 26

Accepted Solution

by:
Blue Street Tech earned 1000 total points
ID: 39654387
Hi cpmcomputers,

Yes, it's very true that they block this type of attack. SonicWALL Gateway AntiVirus & IPS provide protection against this threat via the following signatures:
GAV: Filecoder.BQ (Trojan)
GAV: Filecoder.BQ_2 - 4 (Trojan)
GAV: Filecoder.BH (Trojan)
GAV: Filecoder.BH_2 - 5 (Trojan)
GAV: Filecoder.W (Trojan)
GAV: Filecoder.NAC (Trojan)
GAV: Filecoder.NAC_2 - 4 (Trojan)
GAV: FileCoder.A (Trojan)
GAV: FileCoder.A_2 - 36 (Trojan)
IPS: Cryptolocker Infection key fetch attempt 1
REF: https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=601

Let me know if you have any other questions!
0
 
LVL 65

Assisted Solution

by:btan
btan earned 1000 total points
ID: 39654430
hitpro is a browser guard, which CryptoLocker doesn't seem to be injecting into, and its infection vector is (mostly) via an attachment in a phished email. So I do not really see it preventing it. There are a couple of detections by most AV (reactive) and even Nessus, as long as the indicator of compromise is blacklisted, e.g. those callbacks.

http://blog.emsisoft.com/2013/09/10/cryptolocker-a-new-ransomware-variant/
https://discussions.nessus.org/thread/6799
0
 
LVL 65

Expert Comment

by:btan
ID: 39658245
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
A new hacking trick has emerged leveraging your own helpdesk or support ticketing tools as an easy way to distribute malware.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question