Message Image

Skip main navigation (Press Enter).

Messaging Gateway

View Only

Back to discussions

Expand all | Collapse all

How to block Cryptolocker/cryptowall files?

reza akhlaghyMar 09, 2015 11:34 AM

Hi I want to use SMG to block emails containing Cryptolocker/cryptowall files. Normally they are .ZIP ...

SSE-JDavisMar 09, 2015 11:42 AM

We have many templates built in to block file extensions. Use one of those and set up the actions you ...

Mick2009Mar 23, 2015 07:05 AM

Hi reza akhlaghy, For protection against the latest known samples in circulation, please ensure that ...

1. How to block Cryptolocker/cryptowall files?

0 Recommend
reza akhlaghy
Posted Mar 09, 2015 11:34 AM

Reply Reply Privately
Hi

I want to use SMG to block emails containing Cryptolocker/cryptowall files. Normally they are .ZIP or .CAB attachments which contains a .SCR file. Could someone please tell me how to create a proper rule to block such emails?
2. RE: How to block Cryptolocker/cryptowall files?

0 Recommend
Broadcom Employee

SSE-JDavis
Posted Mar 09, 2015 11:42 AM

Reply Reply Privately
We have many templates built in to block file extensions. Use one of those and set up the actions you want taken. Never start out by making a rule delete anything. Always quarantine or mark the subject line to test and make sure the rule acts on the messages you want it to.
3. RE: How to block Cryptolocker/cryptowall files?

0 Recommend
Mick2009
Posted Mar 23, 2015 07:05 AM

Reply Reply Privately
Hi reza akhlaghy,

For protection against the latest known samples in circulation, please ensure that you are updating the SMG with Rapid Release definitions at least a couple times per day.

Obtaining definitions when a new, emerging threat is discovered
http://www.symantec.com/docs/HOWTO53892

A good thread on how to protect yourself: https://www-secure.symantec.com/connect/forums/cryptolockercryptodefense-defenses

Hope this helps!

Mick

Copyright 2019. All rights reserved.

Powered by Higher Logic