Endpoint Protection

  • 1.  #Ransomware encrypt without changing extension to files

    Posted Sep 06, 2016 05:41 AM

    Hi all,

    One of our customers has been infected with a variant of @ransomware that does not change file extensions, so the only way to monitor is to check the MD5 of honeypot files.

    I did not find a lot of information, so I am sharing it with you; it looks like another vendor calls it CrypMIC, by the Neutrino Exploit Kit.

    If any more information is available, please share.

    You can find a DLL in the tmp dir.


    Thanks,

    @rider
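    The honeypot-file check the poster describes, as an added example that is not part of the original thread: a baseline of content digests for a directory of canary files is recorded, and a later check flags any canary whose bytes changed while its name (and so its extension) stayed the same, which is exactly the case an extension-based monitor misses. The canary file names and contents are constructed for the demo; the digest used is SHA-256 rather than the MD5 mentioned in the post, since any digest serves for change detection.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """Content digest of one file (the post used MD5; SHA-256 works the same for change detection)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(canary_dir: Path) -> dict:
    """Record the digest of every canary file; keep this map outside the monitored tree in real use."""
    return {p.name: file_digest(p) for p in canary_dir.iterdir() if p.is_file()}


def check(canary_dir: Path, base: dict) -> dict:
    """Compare the directory with the baseline and return {name: reason} for anything suspicious.
    'modified' means the bytes changed under an unchanged file name (encryption in place);
    'missing' means the canary was deleted or renamed (the classic extension-changing case)."""
    current = {p.name: p for p in canary_dir.iterdir() if p.is_file()}
    findings = {}
    for name, digest in base.items():
        p = current.get(name)
        if p is None:
            findings[name] = "missing"
        elif file_digest(p) != digest:
            findings[name] = "modified"
    return findings


def demo() -> dict:
    """Constructed scenario: three canaries, one overwritten in place with random bytes."""
    with tempfile.TemporaryDirectory() as d:
        canary = Path(d)
        for name in ("invoice.docx", "budget.xlsx", "photo.jpg"):
            (canary / name).write_bytes(b"original content of " + name.encode())
        base = baseline(canary)
        # Same name, same extension, different content: only the digest reveals it.
        (canary / "budget.xlsx").write_bytes(os.urandom(32))
        return check(canary, base)
```

In production the check runs on a schedule or from a file-system watcher, and a non-empty result is the alert; the baseline must be stored where the ransomware cannot rewrite it.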



  • 2.  RE: #Ransomware encrypt without changing extension to files

    Posted Sep 06, 2016 06:31 AM


  • 3.  RE: #Ransomware encrypt without changing extension to files

    Posted Sep 06, 2016 07:55 AM

    The only way is to restore from a known good backup or re-image the machine.

    Are you running all components of SEP? How do you have it configured?




  • 4.  RE: #Ransomware encrypt without changing extension to files
    Best Answer

    Posted Sep 08, 2016 06:59 AM

    Thanks Brian and Ramji,


    SEP was updated and configured properly; the submission is pending. If you need the case number or submission ID, I can contact you by PM, but there is not a lot of information about this kind of crypt; only Trend Micro has something about it... and I think Bleeping just badly copied the report.


    Updated.


    Submission identified:


    Files Submitted

    #  Filename          MD5                                 Determination  Signature Protection Name  RR Seq#
    1  radD998D.tmp.zip  0xF0950DA91831868C6F9A94A5BD70F61A  Archive        N/A                        N/A
    2  radD998D.tmp.dll  0x851CDCE29FC69522AB8EDB7A13000383  NewThreat      Ransom.CryptXXX            180419


    Developer Notes:



    radD998D.tmp.zip is a container file (e.g. archive, email).

    radD998D.tmp.dll is a non-repairable threat.