Solved

Cryptolocker - hitmanpro.alert

Posted on 2013-11-16
5
666 Views
Last Modified: 2014-01-07
I am seeing a beta release of hitmanpro.alert

http://www.surfright.nl/en/alert

Claims to block cryptolocker

How effective is it

Can it be rolled out across a small network (50 Users say)

Will it protect a PC/server if the user opens an infected email or is it just a web browser driven thing ?

( I already know about using software restriction policies and CryproPrevent and many clients have sonicwall gateway and I am seeing some claims that its IPS Gateway security is effective at blocking this  - any idea how true this is)
0
Comment
Question by:cpmcomputers
  • 3
5 Comments
 
LVL 61

Expert Comment

by:btan
ID: 39654169
you probably should take advice from this too
http://www.us-cert.gov/ncas/alerts/TA13-309A

the bleepingcomputer link on CryptoLocker Ransomware Information Guide and FAQ is useful

How to prevent your computer from becoming infected by CryptoLocker
http://www.bleepingcomputer.com/virus-removal/CryptoLocker-ransomware-information#prevent
0
 
LVL 24

Accepted Solution

by:
diverseit earned 250 total points
ID: 39654387
Hi cpmcomputers,

Yes, it's very true that they block this type of attack. SonicWALL Gateway AntiVirus & IPS provide protection against this threat via the following signatures:
GAV: Filecoder.BQ (Trojan)
GAV: Filecoder.BQ_2 - 4(Trojan)
GAV: Filecoder.BH (Trojan)
GAV: Filecoder.BH_2 - 5 (Trojan)
GAV: Filecoder.W (Trojan)
GAV: Filecoder.NAC (Trojan)
GAV: Filecoder.NAC_2 - 4(Trojan)
GAV: FileCoder.A (Trojan)
GAV: FileCoder.A_2 - 36 (Trojan)
IPS: Cryptolocker Infection key fetch attempt 1
REF: https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=601

Let me know if you have any other questions!
0
 
LVL 61

Assisted Solution

by:btan
btan earned 250 total points
ID: 39654430
hitpro is browser guard which cryptolocker doesnt seems to be injecting into it and its infection vector is (mostly)  via attachment in phished email. So i do not really see it preventing. there are couple of detection by most AV (reactive) and even nessus as long as the indicator of compromise is blacklisted e.g. those call backs

http://blog.emsisoft.com/2013/09/10/cryptolocker-a-new-ransomware-variant/
https://discussions.nessus.org/thread/6799
0
 
LVL 61

Expert Comment

by:btan
ID: 39658245
0

Featured Post

Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

Join & Write a Comment

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now