crilock.a (CRYPTOLOCKER HIJACK)

Not applicable

Does anyone know if this has been detected and addressed by PAN? Just trying to stay informed; could not find it in the latest virus definitions update.

Thanks

Luis Cabrera

L7 Applicator

Hello,

At this time, only antivirus signatures for PE viruses (executables) are in the threat vault, aside from the vulnerability and anti-spyware signatures. I have checked with www.virustotal.com, and the virus information is available there. So, I would expect it to be available in the PAN antivirus database as well. If PAN is unable to detect the virus through it, you can open a ticket with us and we will address it in the next AV database.


Thanks

Not applicable

Thanks for the reply. I checked vt.com as well and went through the release notes for the latest AV definitions on the PAN device. I could not match the name, which is why I posted here, just to make sure. At this point I guess we just have to hope for the best.

Luis

L7 Applicator

Yes Luis, hope for the best.

Just a piece of advice: can you make sure packet captures are enabled for the Antivirus Security Profile? It will take a packet capture of the threat if affected by any virus (i.e. crilock.a (CRYPTOLOCKER HIJACK)).

Have a nice day!!!

Thanks

L4 Transporter

Hello,

This is currently in the pipeline, we're working on covering this threat in the upcoming AV releases.

Thanks,

Aditi

L4 Transporter

Is this virus detected now?
What is the name of the signature?

Jo Christian

L4 Transporter

To answer my own question..

Seems like it's called: Trojan-Ransom/Win32.blocker.shk

Jo Christian

L4 Transporter

How do I confirm my PA is actively scanning traffic for this threat? I need to report this to my security team so they know we have safeguards in place for it.

L5 Sessionator

Hello Mario,

Threat vault shows that we have 7 signatures for crilock - one of them is crilock.a

Thanks and regards,

Kunal Adak

L4 Transporter

Kadak,

Thanks for the quick response! :) I've seen this in the vault. I am just wondering where I can see a list of these signatures on the firewall? Perhaps there is a release note showing these signatures listed so we know they are covered? The current release notes for anti-virus 1147-1601 and 1146-1600 don't show these signatures listed (these are the current databases we have on our firewall).

Thanks!
