Hi, Is there a Symantec IPS signature for CBT-Locker Ransomeware that we can block on the SEP Managers?
Thanks,
Gadaffi
See below blog
Support Perspective: CTB-Locker and other forms of Crypto malware
https://www-secure.symantec.com/connect/app#!/blogs/support-perspective-ctb-locker-and-other-forms-crypto-malware
Some of mick2009 good articles
Is there a Fixtool to Recover Files Encrypted by Ransomware?
https://www-secure.symantec.com/connect/forums/there-fixtool-recover-files-encrypted-ransomware
Recovering Ransomlocked Files Using Built-In Windows Tools
https://www-secure.symantec.com/connect/articles/r... - Ransomcrypt: A Thriving Menace (aka Cryptolocker: A Thriving Menace)
https://www-secure.symantec.com/connect/blogs/rans... - Cryptolocker Q&A: Menace of the Year https://www-secure.symantec.com/connect/blogs/cryp...
Hi James, thanks for the quick response.
It seems like the page has been removed on the first link as i receive this message: "Page Not Found"
https://www-secure.symantec.com/connect/app#!/blogs/support-perspective-ctb-locker-and-other-forms-crypto-malware.
My question is, is there an IPS signature for this threat?
Thanks and regards,
MabundaG
yes you can update defination up-to-date and use IPS
See full information below blog
https://www-secure.symantec.com/connect/blogs/supp...
See this thread for full information
https://www-secure.symantec.com/connect/forums/ransom-cryptowall-virus
Thanks James007.
Since the links provided don't provide the actual detail, here is the IPS signature to detect Cryptolocker:
System Infected: Trojan.Cryptolocker
http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27046