Solved

Cryptolocker - hitmanpro.alert

Posted on 2013-11-16
Last Modified: 2014-01-07
I am seeing a beta release of hitmanpro.alert

http://www.surfright.nl/en/alert

Claims to block cryptolocker

How effective is it?

Can it be rolled out across a small network (50 users, say)?

Will it protect a PC/server if the user opens an infected email, or is it just a web browser driven thing?

(I already know about using software restriction policies and CryptoPrevent, and many clients have a sonicwall gateway, and I am seeing some claims that its IPS Gateway security is effective at blocking this - any idea how true this is?)
Question by:cpmcomputers
5 Comments
 
LVL 64

Expert Comment

by:btan
ID: 39654169
you probably should take advice from this too
http://www.us-cert.gov/ncas/alerts/TA13-309A

the bleepingcomputer link on CryptoLocker Ransomware Information Guide and FAQ is useful

How to prevent your computer from becoming infected by CryptoLocker
http://www.bleepingcomputer.com/virus-removal/CryptoLocker-ransomware-information#prevent
0
 
LVL 25

Accepted Solution

by:
Blue Street Tech earned 1000 total points
ID: 39654387
Hi cpmcomputers,

Yes, it's very true that they block this type of attack. SonicWALL Gateway AntiVirus & IPS provide protection against this threat via the following signatures:
GAV: Filecoder.BQ (Trojan)
GAV: Filecoder.BQ_2 - 4(Trojan)
GAV: Filecoder.BH (Trojan)
GAV: Filecoder.BH_2 - 5 (Trojan)
GAV: Filecoder.W (Trojan)
GAV: Filecoder.NAC (Trojan)
GAV: Filecoder.NAC_2 - 4(Trojan)
GAV: FileCoder.A (Trojan)
GAV: FileCoder.A_2 - 36 (Trojan)
IPS: Cryptolocker Infection key fetch attempt 1
REF: https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=601

Let me know if you have any other questions!
0
 
LVL 64

Assisted Solution

by:btan
btan earned 1000 total points
ID: 39654430
hitpro is a browser guard, which cryptolocker doesn't seem to be injecting into, and its infection vector is (mostly) via attachment in phished email. So I do not really see it preventing. There are a couple of detections by most AV (reactive) and even nessus, as long as the indicator of compromise is blacklisted, e.g. those call backs

http://blog.emsisoft.com/2013/09/10/cryptolocker-a-new-ransomware-variant/
https://discussions.nessus.org/thread/6799
0
 
LVL 64

Expert Comment

by:btan
ID: 39658245
0

Question has a verified solution.
