
Ransomware Packages - Extensions Used for Delivery To Standard User


5 replies to this topic

#1 bluerussian

bluerussian

  • Members
  • 11 posts
  • OFFLINE

Posted 07 July 2016 - 08:11 PM

All,

 

I provide support to a number of clients who use Windows Server boxes, and all have some sort of Active Directory and the ability to apply Group Policy. I've recently been trying to implement AppLocker to lock down executables and where they can run from. I noticed that the default rules created by AppLocker only apply to .exe files. A .msi I tested running is excluded and can run.

 

The packages that deliver the ransomware code, do they come in forms other than .exe? Is there a list somewhere I can reference so I can try and cover as many variants as possible in the AppLocker setup?

 

THANKS!


#2 Amigo-A

Amigo-A

  • Members
  • 569 posts
  • OFFLINE
  • Gender: Male
  • Location: 3rd station from the Sun

Posted 08 July 2016 - 08:59 AM

bluerussian

 

Look: 

 

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a ransomware? Report here. Do you know Russian? Write to me in Russian. I will help.


#3 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  • Gender: Female
  • Location: The Arctic Circle

Posted 11 July 2016 - 01:37 AM

Ransomware can also come in .js, .jse, .vbs, and macroed document files.

xXToffeeXx~

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
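The replies above list delivery formats that the default AppLocker executable rules never see: .msi packages, .js/.jse/.vbs scripts and macro-enabled documents. AppLocker keeps Windows Installer files and scripts in their own rule collections, so a policy has to be generated for those collections as well. The PowerShell below is an added example written for this thread, not code posted by any participant or taken from Microsoft documentation; it uses only the standard AppLocker cmdlets (Get-AppLockerFileInformation, New-AppLockerPolicy, Test-AppLockerPolicy, Set-AppLockerPolicy). The output path, the trusted directories and the sample file are placeholders you would adjust for your own environment.

```powershell
# Added example for this thread (not a participant's code).
# Builds an AppLocker policy that covers three rule collections at once:
# Exe (executables), WindowsInstaller (.msi/.msp) and Script (.ps1, .bat, .cmd, .vbs, .js).
# Assumes a Windows machine with the AppLocker cmdlets available and that
# $PolicyPath and $Trusted are placeholders you adjust.

$PolicyPath = 'C:\Temp\AppLocker-Policy.xml'          # placeholder output path
$Trusted    = @("$env:ProgramFiles", "$env:SystemRoot") # directories whose contents may run

# 1. Inventory the files under the trusted directories for all three collections.
#    -FileType Exe, Script and WindowsInstaller are the cmdlet's own option values.
$FileInfo = foreach ($Dir in $Trusted) {
    Get-AppLockerFileInformation -Directory $Dir -Recurse `
        -FileType Exe, Script, WindowsInstaller
}

# 2. Turn that inventory into Allow rules for Everyone. Signed files get a
#    publisher rule, unsigned files fall back to a hash rule; -Optimize merges
#    duplicates. No Path rule type is requested, so nothing is allowed merely
#    because of where it sits on disk.
$FileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -RuleNamePrefix 'Trusted' -Optimize -Xml |
    Out-File -FilePath $PolicyPath -Encoding utf8

# 3. Dry-run the policy against a constructed, harmless sample script placed
#    where a mail attachment would typically land. The file must exist because
#    the cmdlet hashes it. PolicyDecision is Allowed, Denied or DeniedByDefaultRule;
#    a file outside the inventory should come back denied.
$Sample = Join-Path $env:TEMP 'sample-invoice.js'      # constructed sample, not a real IoC
Set-Content -Path $Sample -Value '// constructed sample script for policy testing'
Test-AppLockerPolicy -XmlPolicy $PolicyPath -Path $Sample -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 4. Apply only after reviewing the XML. -Merge keeps rules already in place;
#    use -Ldap "LDAP://<GPO distinguished name>" to target a GPO instead of the local machine.
# Set-AppLockerPolicy -XmlPolicy $PolicyPath -Merge
```

Two caveats a practitioner checking this should know. The generated XML leaves each RuleCollection's EnforcementMode as NotConfigured; set the collections to AuditOnly in Group Policy first and read the AppLocker event log before switching to Enforce, and make sure the Application Identity service is running, since AppLocker does nothing without it. Also, the Script collection only covers .ps1, .bat, .cmd, .vbs and .js; .jse files and macro-enabled Office documents, both mentioned in the reply above, fall outside AppLocker's script rules and need their own controls (Windows Script Host settings and Office macro policy respectively).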


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • OFFLINE
  • Gender: Male
  • Location: Virginia, USA

Posted 11 July 2016 - 05:41 AM

Please read section 2 in this topic, which explains the most common methods by which crypto malware and other forms of ransomware are typically delivered and spread.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here

#5 bluerussian

bluerussian
  • Topic Starter
  • Members
  • 11 posts
  • OFFLINE

Posted 13 July 2016 - 07:55 PM

Thanks guys,

 

I have cleaned at least a dozen or two dozen of these infections at this point, and every time it's via email and the "You have an invoice" method... We have implemented spam protection for a lot of our clients, which keeps out a lot of things, but AppLocker is just another layer of defense that is available to us and I'm exploring it.

 

I'm seeing AppLocker as a last line of defense should a zero-day email get through or something of that sort.

 

 

I just realized why you sent me Russian links too.  Thanks for the consideration but the name is just an internet handle I use.  It's also a drink and a cat breed :)


Edited by bluerussian, 13 July 2016 - 08:01 PM.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • OFFLINE
  • Gender: Male
  • Location: Virginia, USA

Posted 13 July 2016 - 07:58 PM

The user is the first and last line of defense and security is a constant effort to stay one step ahead of the bad guys. No amount of security software is going to defend against today's sophisticated malware writers for those who do not practice safe computing and stay informed.

Security is all about layers, and not depending on any one technology or approach to detect or save you from the latest threats. The most important layer in that security defense? You! Most threats succeed because they take advantage of human weaknesses (laziness, apathy, ignorance, etc.), and less because of their sophistication.

Krebs on Security

Unfortunately, it has been proven time and again that the user is a more substantial factor (weakest link) in security than the architecture of the operating system or installed protection software.
