Solved

Cryptolocker - hitmanpro.alert

Posted on 2013-11-16
5
681 Views
Last Modified: 2014-01-07
I am seeing a beta release of hitmanpro.alert

http://www.surfright.nl/en/alert

Claims to block cryptolocker

How effective is it

Can it be rolled out across a small network (50 Users say)

Will it protect a PC/server if the user opens an infected email or is it just a web browser driven thing ?

( I already know about using software restriction policies and CryproPrevent and many clients have sonicwall gateway and I am seeing some claims that its IPS Gateway security is effective at blocking this  - any idea how true this is)
0
Comment
Question by:cpmcomputers
  • 3
5 Comments
 
LVL 62

Expert Comment

by:btan
ID: 39654169
you probably should take advice from this too
http://www.us-cert.gov/ncas/alerts/TA13-309A

the bleepingcomputer link on CryptoLocker Ransomware Information Guide and FAQ is useful

How to prevent your computer from becoming infected by CryptoLocker
http://www.bleepingcomputer.com/virus-removal/CryptoLocker-ransomware-information#prevent
0
 
LVL 25

Accepted Solution

by:
Diverse IT earned 250 total points
ID: 39654387
Hi cpmcomputers,

Yes, it's very true that they block this type of attack. SonicWALL Gateway AntiVirus & IPS provide protection against this threat via the following signatures:
GAV: Filecoder.BQ (Trojan)
GAV: Filecoder.BQ_2 - 4(Trojan)
GAV: Filecoder.BH (Trojan)
GAV: Filecoder.BH_2 - 5 (Trojan)
GAV: Filecoder.W (Trojan)
GAV: Filecoder.NAC (Trojan)
GAV: Filecoder.NAC_2 - 4(Trojan)
GAV: FileCoder.A (Trojan)
GAV: FileCoder.A_2 - 36 (Trojan)
IPS: Cryptolocker Infection key fetch attempt 1
REF: https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=601

Let me know if you have any other questions!
0
 
LVL 62

Assisted Solution

by:btan
btan earned 250 total points
ID: 39654430
hitpro is browser guard which cryptolocker doesnt seems to be injecting into it and its infection vector is (mostly)  via attachment in phished email. So i do not really see it preventing. there are couple of detection by most AV (reactive) and even nessus as long as the indicator of compromise is blacklisted e.g. those call backs

http://blog.emsisoft.com/2013/09/10/cryptolocker-a-new-ransomware-variant/
https://discussions.nessus.org/thread/6799
0
 
LVL 62

Expert Comment

by:btan
ID: 39658245
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question