Endpoint Protection

Hi Team,

just wanted to know which virus defs covers BlackHeart Ransomware. On Virustotal.com

Virustotal shows the date which Symantec detects it with. Make sure that revision is loaded. Anything after 5/2/2018

Brian did not get you. Can you please explain me in deep

What? Just make sure you have the latest content loaded. Virustotal shows results using the latest content available. 5/9/2018 rev.3 is the latest from Symantec so make sure your clients are at that revision.

Thanks Brain for update.

May I have the article for the same.

Hello Brian,

Thanks for the udpate.As you mentioned in the first post the definition can be anything after 2 May. Do we have any article from Symantec as i need to share the same with client.

Regards

Nilesh

There are no public articles from SYMC, yet. If you want an official statement from SYMC then contact them or wait for one of their employees to post on this thread with info.

Hi Ambesh,

Sounds like you are asking about https://www.virustotal.com/en/file/a85173ef5572f316df839e63b4e1526e97e5f123ae73f898b872baa6a5a9711f/analysis/​ or maybe https://www.virustotal.com/en/file/93ef2fa0328042928677009615f67ff52fc95cc32f872a32cebadc370a30c3e5/analysis/ -?  (In Connect posts, please do specify which file you are asking about!)  In either case, detection has been added under generic names. 

This article may be of interest:

Does Symantec Detect This: An Illustrated Guide to Public Hash Submission
https://www-secure.symantec.com/connect/articles/does-symantec-detect-illustrated-guide-public-hash-submission

It's important to note that new variants of ransomware are constantly appearing in the threat landscape.  Harden the environment against them, educate end users what to do when encountering suspicious files and activity, and prepare to backup and recover swiftly from any form of disaster (malware infection, fire, etc etc)...

Hope this helps!

Hi Mick,

Please let me know if we have any article from Symantec

Not sure what you mean-? Consider this mail thread true and accurate.  &: )

Hello Mick,

Thanks for your reply.We just wanted to know if the threat Blackheart Ransoware is detected and mitigated by SEPM 12.1 using which virus definition.We need to update the management that our environment is protected.

Yes we were refering to the link https://www.virustotal.com/en/file/93ef2fa0328042928677009615f67ff52fc95cc32f872a32cebadc370a30c3e5/analysis/.It is the only link stating Symantec has detected it.

Regards

Nilesh

Mick,

We have found BlackHeart Ransomware virus in April last week. And Virustotal.com shows that  symantec deteced  BlackHeart Ransomware  as trojan.gen.2.

So now my question is which virus definition covers BlackHeart Ransomware virus. If any then please share the article with me.

Hello again,

VT shows that this hash has been detected as Trojan.Gen.2 since at least 20180502 (2 May 2018).  New ransomware variants and samples are constantly seen so please act upon these recommendations:

Hardening Your Environment Against Ransomware
https://www.symantec.com/connect/articles/hardening-your-environment-against-ransomware

Hi there - just a ping to see if there are any additional questions?  This post is still marked "Thread Needs Solution "

Hello Mick, Thanks for reply.Kindly share if you have any article from Symantec.