Crypto Epidemic Corporate Issue Please Help


18 replies to this topic

#16 xXToffeeXx (Malware Response Instructor)

Posted 24 December 2015 - 05:43 AM

Hi billo1007,
 
From those names, I can tell you that it was likely the Angler exploit kit that dropped the ransomware and it used a JavaScript exploit, so something like Malwarebytes Anti-Exploit should have mitigated the attack.
I would also look into making sure the systems are updated, as this can reduce the chance of an exploit kit being able to misuse unpatched outdated software.
 
Those are leftovers; on their own they could not activate malware.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~




#17 billo1007 (Topic Starter)

Posted 24 December 2015 - 06:27 AM

Hi billo1007,
 
From those names, I can tell you that it was likely the Angler exploit kit that dropped the ransomware and it used a JavaScript exploit, so something like Malwarebytes Anti-Exploit should have mitigated the attack.
I would also look into making sure the systems are updated, as this can reduce the chance of an exploit kit being able to misuse unpatched outdated software.
 
Those are leftovers; on their own they could not activate malware.
 
xXToffeeXx~

 

Thanks for this, Toffee; we are considering buying MBAM Anti-Exploit given how cheap it is. Thanks for all the help on this, guys.

 

If anybody has any step-by-step technical steps or explanations on how this occurs on the machine, or a Wireshark/code capture of it, please post up!



#18 billo1007 (Topic Starter)

Posted 24 December 2015 - 10:37 AM

https://blogs.sophos.com/2015/07/21/a-closer-look-at-the-angler-exploit-kit/

 

For anyone who is interested in a technical breakdown. 



#19 billo1007 (Topic Starter)

Posted 24 December 2015 - 12:15 PM

Additionally, more great reading; the best thing I've seen on the web about this: https://heimdalsecurity.com/blog/ultimate-guide-angler-exploit-kit-non-technical-people/