cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 4

Blocking Scarab Ransomware

Hi,

Recently we got the news that Scarab Ransomware from the link https://blogs.forcepoint.com/security-labs/massive-email-campaign-spreads-scarab-ransomware

So we decided to create User-defined rules under access protection policies.There is one registry path

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

uSjBVNE = "%Application Data%\sevnz.exe   which we need to block in VSE policy.I just wanted to know what is the best possible rule we can create for blocking the registry as mentioned in the link to avoid the impact of Scarab Ransomware.

Any answer will be highly appreciated..

3 Replies
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: Blocking Scarab Ransomware

Hi everyone,

Plz reply to let me configure the best possible policy for the mentioned ransomware

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 4

Re: Blocking Scarab Ransomware

Can anyone tell how to create rule for the above query

Level 10
Report Inappropriate Content
Message 4 of 4

Re: Blocking Scarab Ransomware

I'm not going to advise which actual rules to create... however....

You could do worse than look at McAfee's ransomware guide:

McAfee Corporate KB - Combating Ransomware - Rev J PD25203

It has rules for different ransomware types, which includes application protection rules for blocking certain registry or file/folder creation/executions.

Whilst the link you gave indicates a specific executable name, its worth considering that there are likely to be versions of this that generate the executable with a random name, rather than one specific. This will be something to consider when you create you rules.

If you want specific details for what rules to create for Scarab, I think your best bet would be to log a request with Support.

Regards

Matt W.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community