Reliable Contributor haaris
Message 1 of 4

Blocking Scarab Ransomware

Hi,

Recently we got the news about Scarab Ransomware from the link https://blogs.forcepoint.com/security-labs/massive-email-campaign-spreads-scarab-ransomware

So we decided to create user-defined rules under access protection policies. There is one registry path

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

uSjBVNE = "%Application Data%\sevnz.exe" which we need to block in VSE policy. I just wanted to know what is the best possible rule we can create for blocking the registry as mentioned in the link to avoid the impact of Scarab Ransomware.

Any answer will be highly appreciated.

3 Replies
Reliable Contributor haaris
Message 2 of 4

Re: Blocking Scarab Ransomware

Hi everyone,

Please reply to let me configure the best possible policy for the mentioned ransomware.

Reliable Contributor haaris
Message 3 of 4

Re: Blocking Scarab Ransomware

Can anyone tell me how to create a rule for the above query?

mattw2
Level 10
Message 4 of 4

Re: Blocking Scarab Ransomware

I'm not going to advise which actual rules to create... however....

You could do worse than look at McAfee's ransomware guide:

McAfee Corporate KB - Combating Ransomware - Rev J PD25203

It has rules for different ransomware types, which includes application protection rules for blocking certain registry or file/folder creation/executions.

Whilst the link you gave indicates a specific executable name, it's worth considering that there are likely to be versions of this that generate the executable with a random name, rather than one specific. This will be something to consider when you create your rules.

If you want specific details for what rules to create for Scarab, I think your best bet would be to log a request with Support.

Regards

Matt W.
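Added example, not part of the thread and not a McAfee rule: a PowerShell audit that follows the point about random file names by flagging per-user autorun values by where the executable lives rather than by value name or file name. It assumes the blog's "%Application Data%" notation means the roaming profile folder (`%APPDATA%`); the `Test-AppDataAutorun` helper is a hypothetical name, and the script only covers the hive of the user running it.

```powershell
# Added example: list HKCU Run/RunOnce values that start an .exe from the
# roaming AppData folder, regardless of the value name or the file name.
# Assumption: "%Application Data%" in the write-up corresponds to %APPDATA%.
$autorunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Test-AppDataAutorun {
    # Hypothetical helper: $true when the command line launches an .exe
    # located under the given AppData folder (sub-folders included).
    param(
        [string]$Command,
        [string]$AppData = $env:APPDATA
    )
    # Expand %VAR% references so REG_EXPAND_SZ-style data is compared as a path.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    $prefix   = [regex]::Escape($AppData.TrimEnd('\'))
    # Optional opening quote, the AppData prefix, then any path ending in .exe.
    # -match is case-insensitive, which suits Windows paths.
    return $expanded -match "^`"?$prefix\\[^`"]*\.exe\b"
}

$findings = foreach ($key in $autorunKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        # Read the raw data so unexpanded variables are visible in the report.
        $data = [string]$regKey.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        if (Test-AppDataAutorun -Command $data) {
            [pscustomobject]@{
                Key       = $key
                ValueName = $name
                Command   = $data
            }
        }
    }
}

# Hits are candidates for review, not verdicts: some legitimate software
# also registers per-user autoruns that point into the profile.
if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No autorun values pointing into AppData were found.'
}
```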
