Solved

Cryptolocker - hitmanpro.alert

Posted on 2013-11-16
Last Modified: 2014-01-07
I am seeing a beta release of hitmanpro.alert

http://www.surfright.nl/en/alert

Claims to block cryptolocker

How effective is it?

Can it be rolled out across a small network (50 users, say)?

Will it protect a PC/server if the user opens an infected email, or is it just a web-browser-driven thing?

(I already know about using software restriction policies and CryptoPrevent, and many clients have a SonicWALL gateway, and I am seeing some claims that its IPS Gateway security is effective at blocking this - any idea how true this is?)
0
Question by:cpmcomputers
LVL 64

Expert Comment

by:btan
ID: 39654169
You probably should take advice from this too:
http://www.us-cert.gov/ncas/alerts/TA13-309A

The bleepingcomputer link on the CryptoLocker Ransomware Information Guide and FAQ is useful:

How to prevent your computer from becoming infected by CryptoLocker
http://www.bleepingcomputer.com/virus-removal/CryptoLocker-ransomware-information#prevent
0
 
LVL 25

Accepted Solution

by:
Diverse IT earned 250 total points
ID: 39654387
Hi cpmcomputers,

Yes, it's very true that they block this type of attack. SonicWALL Gateway AntiVirus & IPS provide protection against this threat via the following signatures:
GAV: Filecoder.BQ (Trojan)
GAV: Filecoder.BQ_2 - 4 (Trojan)
GAV: Filecoder.BH (Trojan)
GAV: Filecoder.BH_2 - 5 (Trojan)
GAV: Filecoder.W (Trojan)
GAV: Filecoder.NAC (Trojan)
GAV: Filecoder.NAC_2 - 4 (Trojan)
GAV: FileCoder.A (Trojan)
GAV: FileCoder.A_2 - 36 (Trojan)
IPS: Cryptolocker Infection key fetch attempt 1
REF: https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=601

Let me know if you have any other questions!
0
 
LVL 64

Assisted Solution

by:btan
btan earned 250 total points
ID: 39654430
Hitpro is a browser guard, which CryptoLocker doesn't seem to be injecting into, and its infection vector is (mostly) via attachment in phished email. So I do not really see it preventing it. There are a couple of detections by most AV (reactive) and even Nessus, as long as the indicator of compromise is blacklisted, e.g. those callbacks.

http://blog.emsisoft.com/2013/09/10/cryptolocker-a-new-ransomware-variant/
https://discussions.nessus.org/thread/6799
0
 
LVL 64

Expert Comment

by:btan
ID: 39658245
0
