@JaredBusch said in CryptXXX ransomware:

@scottalanmiller said in CryptXXX ransomware:

Every time one of these gets broken, it massively lowers the value of making the next one, too.

I see it differently.

Every time one of these gets broken, it highlights how easily the governmental agencies can get into our personal data.

Who said its not the government (NSA) releasing these ransoms ware viruses?

Thanks.

My cousin just got hit with one of these. I was wondering if it was one of the ones with a decryption key available.

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@Dashrender said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@JaredBusch said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

@Kelly said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

Another cool thing that we're going to be doing, but not as a result of this infection, is evaluating and maybe implementing Cylance in lieu of Trend on our systems.

I'm not sure if it's appropriate to say, but their engine seems revolutionary.

What makes you say that Rob?

Mostly that it's not conventional scanning, but instead it analyzes what the files do rather than just signatures or patterns. The closest comparison I can come up with is the way Android app permissions are broken down in the app store - - it can identify if a file's threat by the characteristics contained therein. Here's an analysis of the FreeConferenceCall.com installer:

I really want to see a good comparison of Webroot and Cylance from someone not related to either company.

My problem with Cylance was that there was no small business pricing. they started at something like 1000 licenses at their SpiceWorld 2015 demo. Only knocking it down to 500 during the show.

Hopefully the testing companies will get there eventually. They're all so geared towards signature detections and it's hard to get them to change. That's why we don't show up in some of them, as they won't come up with a methodology that better reflects what we do.

I liked Cylance's demo - go to totalvirus, download the last 100 uploaded viruii, and run them.

That's a good start, but it's tough to truly get a zero day virus that hasn't been seen yet, for a real world test. If it's on virustotal then it's already been identified as a virus by most of the AV companies.

No way to get around it entirely

Run them side by side in the real world (honeypot kind of thing) and test.

No I mean zero day viruses

Me too.

I don't have faith either would do the job

Isn't the other choice... neither, though? Will "none" do the job?

That's definitely a question

What I mean is... certainly trust nothing for zero days, protect as much as you can. But part of that would be getting the best AV that you can. It's part of the security picture.

Agreed

Petya ransomware victims can now unlock infected computers without paying.
http://www.bbc.com/news/technology-36014810

@scottalanmiller said:

FUD

I'm sad to say I had to look this up, and it wasn't nearly what I thought it would be.

@Reid-Cooper do have any documents for the steps to be taken or how this works. So i will recommended to download and check with it.

Bitdefender lauch a new tool to detect ransomware, It's free.

https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/

that's just laughable!

Wonder i that is the one my user got. Didn't go that far to find out. just nuked it from orbit.

@scottalanmiller said:

Where DNS != DNS

That was CONFUSING

I knew exactly what @scottalanmiller issue was when I read his post.. I updated my post for clarity.

http://mangolassi.it/topic/6748/do-we-still-need-file-protocols-today

@scottalanmiller said:

Good info, thanks!

Hope no one gets this! 🙂

Ouch, that is pretty serious. That explains why they were so quick to release a tool for cleaning it up!

That's gotten some attention. I have not seen the vendor respond, though!

@jvwelch welcome to MangoLassi!