User Machine Infected by GandCrab ransomware


24 minutes ago, geekf said:

This machine has both Anti-Malware and Anti-Exploit installed.

What do you mean "Anti-Malware and Anti-Exploit installed"???? Antimalware includes antiexploit.

And what do you mean by "affected"? Has any file been encrypted? As far as I know, the Ransomware protection in MBAM is not dependent on signatures and should quarantine GandCrab after several files have been encrypted.


OK, let's make it clear: in Anti-Malware, was the "Ransomware protection" enabled or not?

The "Ransomware protection" is behavior based and not signature based. If the client did not have "Ransomware protection" enabled, that may explain the failure.

Also, there is no detection on Bitdefender, TrendMicro, VIPRE, EmsiSoft...


@lock

This is the business client and not consumer. Modules are separate and not bundled like consumer. Please do not comment any further on this thread.

@geekf

Thanks for the file submission; it was already defined and is going out in the next update.

The Anti Ransomware Module would have stopped this.

 

Edited by shadowwar
1 hour ago, shadowwar said:

Anti Ransomware Module would have stopped this

Exactly what I said!

1 hour ago, shadowwar said:

This is the business client and not consumer.

Why is it posted in the consumer section?

1 hour ago, shadowwar said:

This is the business client

How should I know???

  • 2 weeks later...

Hi @geekf, the business builds have a separate tool outside of the console's management. The Protection Module under your policy controls Anti-Malware and Anti-Exploit; for console users, the Anti-Ransomware tool is an extra part. In your download package for the console, you will find it in Malwarebytes_Endpoint_Security_1.8.x.0000 -> Unmanaged -> Windows -> MBARW_Business _Setup, in EXE or MSI. Make sure to deploy this extra piece to be protected from ransom attacks.

Virustotal is a great resource, but be careful using it to judge whether Malwarebytes' technologies will engage with a file. The real-time protection watches the item's behavior, which is different than the file itself. The file may show clean or undetected, but the right real-time piece will engage with it if there's an attempt to run and perform malicious behavior. Virustotal cannot replicate this.

Edited by djacobson