crilock.a (CRYPTOLOCKER HIJACK)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

crilock.a (CRYPTOLOCKER HIJACK)

Not applicable

Does any one knows if this has been detected and addresed by PAN, just trying to stay informed, could not find it in the latest virus definitios update

Thanks

Luis Cabrera

10 REPLIES 10

L7 Applicator

Hello,

At this time, only antivirus signatures for PE viruses (executables) are in the threat vault, aside from the vulnerability and anti-spyware signatures.  I have checked with www.virustotal.com, the virus information is available there. So, I would expect to be available with the PAN antivirus database as well. If PAN is unable to detect the virus through it, you can open a ticket with us and we will address into the next AV database.


Thanks

Thanks for the replay, I checked vt.com as well and went throught the release notes for the lates av definitions on the PAN device, i could not mach the name that is why I posted here, just to make sure, at this point i guess we just have to hope for the best

Luis

Yes Luis, Hope for the best.

Just an advice, can you make sure packet captures are enabled for the Antivirus Security Profile? It will take a packet capture of the threat, if affected by any virus ( i.e. crilock.a (CRYPTOLOCKER HIJACK) .


Have a nice day.!!!

Thanks

L4 Transporter

Hello,

This is currently in the pipeline, we're working on covering this threat in the upcoming AV releases.

Thanks,

Aditi

Is this virus detected now?
What is the name of the signature?

Jo Christian

/Jo Christian

To answer my own question..

Seems like it's called: Trojan-Ransom/Win32.blocker.shk

Jo Christian

/Jo Christian

How do I confirm my PA is actively scanning traffic for this threat? I need to report this to my security team so they know we have safeguards in place for it.

Hello Mario,

Threat vault shows that we have 7 signatures for crilock - one of them is crilock.a

criclock.PNG.png

Thanks and regards,

Kunal Adak

Kadak,

Thanks for the quick response! Smiley Happy I've seen this in the vault. I am just wondering where I can see a list of these signatures on the firewall? Perhaps there is a release note showing these signatures listed so we we know they are covered? The current release notes for anti-virus 1147-1601 and 1146-1600 don't show these signatures listed (these are the current databases we have on our firewall).

Thanks!

I think I found what I am looking for. Clicking on the magnifying glass next to signature shows the release the signature was included in. This should work by comparing it to our current version. Thanks a ton!

  • 4965 Views
  • 10 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!