Endpoint Protection

  • 1.  CBT-Locker Ransomware IPS signature

    Posted Feb 03, 2015 03:47 AM

    Hi, is there a Symantec IPS signature for CBT-Locker Ransomware that we can block on the SEP Managers?

    Thanks,

    Gadaffi



  • 2.  RE: CBT-Locker Ransomware IPS signature

    Posted Feb 03, 2015 03:54 AM

    See the blog below

    Support Perspective: CTB-Locker and other forms of Crypto malware

    https://www-secure.symantec.com/connect/app#!/blogs/support-perspective-ctb-locker-and-other-forms-crypto-malware

     

    Some of mick2009's good articles

    Is there a Fixtool to Recover Files Encrypted by Ransomware?

    https://www-secure.symantec.com/connect/forums/there-fixtool-recover-files-encrypted-ransomware

    Recovering Ransomlocked Files Using Built-In Windows Tools

    https://www-secure.symantec.com/connect/articles/r...
    Ransomcrypt: A Thriving Menace (aka Cryptolocker: A Thriving Menace)

    https://www-secure.symantec.com/connect/blogs/rans...
    Cryptolocker Q&A: Menace of the Year
    https://www-secure.symantec.com/connect/blogs/cryp...



  • 3.  RE: CBT-Locker Ransomware IPS signature

    Posted Feb 03, 2015 04:07 AM

    Hi James, thanks for the quick response.

    It seems like the page has been removed on the first link, as I receive this message: "Page Not Found"

    https://www-secure.symantec.com/connect/app#!/blogs/support-perspective-ctb-locker-and-other-forms-crypto-malware.

    My question is, is there an IPS signature for this threat?

    Thanks and regards,

    MabundaG



  • 4.  RE: CBT-Locker Ransomware IPS signature
    Best Answer

    Posted Feb 03, 2015 04:11 AM

    My question is, is there an IPS signature for this threat?

    Yes, you can update the definitions so they are up to date and use IPS.

    See the full information in the blog below

    Support Perspective: CTB-Locker and other forms of Crypto malware

    https://www-secure.symantec.com/connect/blogs/supp...

     

    See this thread for full information

    https://www-secure.symantec.com/connect/forums/ransom-cryptowall-virus



  • 5.  RE: CBT-Locker Ransomware IPS signature

    Posted Feb 03, 2015 04:54 AM

    Thanks James007.



  • 6.  RE: CBT-Locker Ransomware IPS signature

    Posted Feb 03, 2015 09:21 AM

    Since the links provided don't provide the actual detail, here is the IPS signature to detect Cryptolocker:

    System Infected: Trojan.Cryptolocker

    http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27046