Endpoint Protection

  • 1.  Jaff Ransomware

    Posted May 24, 2017 08:56 AM

    Which definitions protect against Jaff Ransomware?  If detected, what would it be called, so I can search for it in our SEPM?



  • 2.  RE: Jaff Ransomware

    Posted May 24, 2017 09:04 AM

    Symantec refers to Jaff as Ransom.Enciphered

    AV detection:

    https://www.symantec.com/security_response/writeup.jsp?docid=2014-050702-0428-99

    IPS detection:

    https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28713

    https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28019

    Technical details:

    https://www.symantec.com/security_response/writeup.jsp?docid=2014-050702-0428-99&tabid=2

    Symantec has multiple detections for all the ransomware over the past couple weeks. Some are generically named. As long as you're up to date you are protected.

    This article provides additional guidance:

    https://www.symantec.com/connect/articles/hardening-your-environment-against-ransomware



  • 3.  RE: Jaff Ransomware

    Posted May 24, 2017 09:08 AM

    Looks like Symantec is aware of this ransomware and it's detected by the name Ransom.Enciphered. Mick has already answered this in another thread.

    https://www.symantec.com/connect/forums/ransomware-attack-wannacrywanna#comment-11824961



  • 4.  RE: Jaff Ransomware

    Posted May 24, 2017 09:16 AM

    It's called 'Ransom.Enciphered'

    http://lmgtfy.com/?q=ransom.enchipered+symantec



  • 5.  RE: Jaff Ransomware

    Posted May 25, 2017 04:52 AM

    Hi ed16 and other stakeholders,

    Known samples of Jaff are indeed detected.  For additional clarity, we will soon start detecting them as Ransom.Jaff rather than any previous name.

    Jaff is frequently dropped by malicious .pdf documents.  Please be very wary of these unexpected .pdfs which prompt end users to click, open, enable etc!

    Support Perspective: W97M.Downloader Battle Plan
    https://www-secure.symantec.com/connect/articles/support-perspective-w97mdownloader-battle-plan

    Also see:

    Hardening Your Environment Against Ransomware
    https://www.symantec.com/connect/articles/hardening-your-environment-against-ransomware

    Please do update this thread with any additional queries, or mark it solved if you have received your answer!



  • 6.  RE: Jaff Ransomware