rpetrie

Ransomware and Antivirus

I've been using Malwarebytes Anti-Ransomware Beta (MARB) - thank you for the peace of mind. I get blocking alerts every day from Avast antivirus of the form:

smb//118.193.29.6/nsacve-2017-0144_EternalBlue

which a Google search identifies as a ransomware threat. What's surprising to me is that MARB does not react to these threats, and does not list them as having occurred. Is this because they have been thwarted by a/v and the threats never touch the software? If this is what's happening, my enthusiasm for MARB is not diminished - I'm happy to have the extra layer of protection - but thought I'd check.

rptetrie

Hi @rpetrie,

Welcome to Malwarebytes!

EternalBlue was the SMB exploit used in the recent WannaCry ransomware. This activity searches for vulnerable endpoints and if one is found, it will transmit and execute the ransomware. You can check out our blog: https://blog.malwarebytes.com/cybercrime/2017/05/how-did-wannacry-ransomworm-spread/

It sounds like your Avast AV is flagging these network queries (which might also mean that you are in a network where at least 1 node is infected).

MBARW is not flagging this activity because it does not indicate a ransomware infection. Assuming this is WannaCry, the pinging part of its lifecycle is not within the designed area of coverage of MBARW. However, once the ransomware file gets transmitted and executed, once it starts its ransomware activities, this is when MBARW kicks in. In fact, during the WannaCry outbreak last May, MBARW was able to detect WannaCry and luckily has helped us attain a zero infection for all our customers using MBARW.

I hope you don't see this as a product plug, but our Malwarebytes 3 product, which includes MBARW, also protected our customers from this. However, we blocked it with our Anti-Exploit technologies where we were able to mitigate the ransomware at a much earlier stage in its lifecycle. Malwarebytes 3 includes all of our protection technologies (Anti-Malware, Anti-Exploit, Anti-Ransomware and Web Protection), and this multi-layer solution was able to stop WannaCry on all of these technologies.

Anyway, hope this helps.

-jong
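
A triage sketch for the alerts discussed in this thread, added here as an example and not part of either post or of any Avast or Malwarebytes tooling: it parses alert strings of the form quoted in the question, counts them per source, and separates sources on the local network from external ones, since a LAN source would point to an infected node nearby. The line format is assumed from the single sample in the question; the extra sample lines and all function names are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed alert shape, taken from the one sample in the question:
#   smb//<source IPv4 address>/<detection name>
ALERT_RE = re.compile(r"^smb:?//(?P<src>\d{1,3}(?:\.\d{1,3}){3})/(?P<name>\S+)$")
CVE_RE = re.compile(r"cve-(\d{4}-\d{4,})", re.IGNORECASE)

# RFC 1918 and link-local ranges: a source here is a machine on your own network.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# The first value is the alert quoted in the question; the rest are constructed.
SAMPLE_ALERTS = [
    "smb//118.193.29.6/nsacve-2017-0144_EternalBlue",
    "smb//118.193.29.6/nsacve-2017-0144_EternalBlue",
    "smb//192.168.1.23/nsacve-2017-0144_EternalBlue",  # constructed LAN source
    "not an alert line",                               # constructed noise
]


def parse_alert(line):
    """Return (source address, CVE id or None), or None if the line does not parse."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m.group("src"))
    except ValueError:  # e.g. an octet above 255
        return None
    cve = CVE_RE.search(m.group("name"))
    return src, (f"CVE-{cve.group(1)}" if cve else None)


def triage(lines):
    """Count alerts per source and split the sources into (lan, external) dicts."""
    counts = Counter()
    for line in lines:
        parsed = parse_alert(line)
        if parsed:
            counts[parsed[0]] += 1
    lan, external = {}, {}
    for ip, n in counts.items():
        bucket = lan if any(ip in net for net in LAN_NETS) else external
        bucket[str(ip)] = n
    return lan, external


if __name__ == "__main__":
    lan, external = triage(SAMPLE_ALERTS)
    print("LAN sources (check these machines first):", lan)
    print("External sources (blocked inbound probes):", external)
```
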
