geekf

User Machine Infected by GandCrab ransomware


24 minutes ago, geekf said:

This machine has both Anti-Malware and Anti-Exploit installed.

What do you mean "Anti-Malware and Anti-Exploit installed"???? Antimalware includes antiexploit.

And what do you mean by "affected"???? Has any file been encrypted?? As far as I know the Ransomware protection in MBAM is not dependent on signatures and should quarantine the GandCrab after several files have been encrypted.


Yes, Anti-Malware has both, but you can have a package just for Anti-Malware or Anti-Exploit.

All user files are encrypted. No, MBAM did not quarantine the GandCrab.


Ok, let's make it clear: in Anti-Malware, was the "Ransomware protection" enabled or not?????

The "Ransomware protection" is behavior based and not signature based. If the client did not have "Ransomware protection" enabled, that may explain the failure.

Also there is no detection on Bitdefender, TrendMicro, VIPRE, EmsiSoft....


The protection module was enabled. 

Yes, other vendors did not flag it as well including Microsoft.....


@lock

This is the business client and not consumer. Modules are separate and not bundled like consumer. Please do not comment any further on this thread.

@geekf

Thanks for the file submission; it was already defined and is going out in the next update.

Anti Ransomware Module would have stopped this.

 

Edited by shadowwar

1 hour ago, shadowwar said:

Anti Ransomware Module would have stopped this

Exactly what I said!

1 hour ago, shadowwar said:

This is the business client and not consumer.

Why is it posted in the consumer section?

1 hour ago, shadowwar said:

This is the business client

How should I know???


You don't, but if you aren't sure you should not reply.

And if you look, it was always in the business forum.

Edited by shadowwar


Hi @geekf, the business builds have a separate tool outside of the console's management. Protection Module under your policy controls Anti-Malware and Anti-Exploit; for console users, the Anti-Ransomware tool is an extra part. In your download package for the console, you will find it in Malwarebytes_Endpoint_Security_1.8.x.0000 -> Unmanaged -> Windows -> MBARW_Business _Setup, in EXE or MSI. Make sure to deploy this extra piece to be protected from ransom attacks.

Virustotal is a great resource, but be careful using it to judge whether Malwarebytes' technologies will engage with a file. The real-time protection watches the item's behavior, which is different than the file itself. The file may show clean or undetected, but the right real-time piece will engage with it if there's an attempt to run and perform malicious behavior. Virustotal cannot replicate this.

Edited by djacobson


Hi @djacobson, thank you for your reply.

I have already deployed Anti-Ransomware on test machines and will be deploying it to more clients soon.

 
