topic Re: crilock.a (CRYPTOLOCKER HIJACK) in General Topics

crilock.a (CRYPTOLOCKER HIJACK)

luisrolocq — Tue, 17 Sep 2013 23:37:11 GMT

Does any one knows if this has been detected and addresed by PAN, just trying to stay informed, could not find it in the latest virus definitios update

Thanks

Luis Cabrera

Re: crilock.a (CRYPTOLOCKER HIJACK)

HULK — Wed, 18 Sep 2013 00:42:02 GMT

Hello,

At this time, only antivirus signatures for PE viruses (executables) are in the threat vault, aside from the vulnerability and anti-spyware signatures. I have checked with www.virustotal.com, the virus information is available there. So, I would expect to be available with the PAN antivirus database as well. If PAN is unable to detect the virus through it, you can open a ticket with us and we will address into the next AV database.

Thanks

Re: crilock.a (CRYPTOLOCKER HIJACK)

luisrolocq — Wed, 18 Sep 2013 00:56:14 GMT

Thanks for the replay, I checked vt.com as well and went throught the release notes for the lates av definitions on the PAN device, i could not mach the name that is why I posted here, just to make sure, at this point i guess we just have to hope for the best

Luis

Re: crilock.a (CRYPTOLOCKER HIJACK)

HULK — Wed, 18 Sep 2013 01:09:16 GMT

Yes Luis, Hope for the best.

Just an advice, can you make sure packet captures are enabled for the Antivirus Security Profile? It will take a packet capture of the threat, if affected by any virus ( i.e. crilock.a (CRYPTOLOCKER HIJACK) .

Have a nice day.!!!

Thanks

Re: crilock.a (CRYPTOLOCKER HIJACK)

apasupulati — Wed, 18 Sep 2013 22:34:23 GMT

Hello,

This is currently in the pipeline, we're working on covering this threat in the upcoming AV releases.

Thanks,

Aditi

Re: crilock.a (CRYPTOLOCKER HIJACK)

jochristian — Tue, 15 Oct 2013 09:15:17 GMT

Is this virus detected now?
What is the name of the signature?

Jo Christian

Re: crilock.a (CRYPTOLOCKER HIJACK)

jochristian — Tue, 15 Oct 2013 11:50:50 GMT

To answer my own question..

Seems like it's called: Trojan-Ransom/Win32.blocker.shk

Jo Christian

Re: crilock.a (CRYPTOLOCKER HIJACK)

mario11584 — Mon, 18 Nov 2013 19:42:07 GMT

How do I confirm my PA is actively scanning traffic for this threat? I need to report this to my security team so they know we have safeguards in place for it.

Re: crilock.a (CRYPTOLOCKER HIJACK)

kadak — Mon, 18 Nov 2013 19:51:16 GMT

Hello Mario,

Threat vault shows that we have 7 signatures for crilock - one of them is crilock.a

Thanks and regards,

Kunal Adak

Re: crilock.a (CRYPTOLOCKER HIJACK)

mario11584 — Mon, 18 Nov 2013 20:00:44 GMT

Kadak,

Thanks for the quick response! I've seen this in the vault. I am just wondering where I can see a list of these signatures on the firewall? Perhaps there is a release note showing these signatures listed so we we know they are covered? The current release notes for anti-virus 1147-1601 and 1146-1600 don't show these signatures listed (these are the current databases we have on our firewall).

Thanks!

Re: crilock.a (CRYPTOLOCKER HIJACK)

mario11584 — Mon, 18 Nov 2013 20:11:44 GMT

I think I found what I am looking for. Clicking on the magnifying glass next to signature shows the release the signature was included in. This should work by comparing it to our current version. Thanks a ton!