1 Reply Latest reply: Nov 6, 2013 10:49 AM by gfergus1

    CryptoLocker Signature?


      Anyone have anything for this? It looks like the paid Snort subscription may have one; I'm considering getting one if McAfee doesn't come up with one soon. Let me know your thoughts!

        • 1. Re: CryptoLocker Signature?

          CryptoLocker Ransomware is a Malware attack more so than a Network Attack.


          Network Security Platform (NSP) includes or integrates with the following to combat Malware related threats:

                    Global Threat Intelligence (GTI) File reputation (formerly known as Artemis)

                    Integration with Network Threat Behavior Analysis's (NTBA’s) Gateway Anti-Malware Engine (requires NSP 7.5.x & above)

                    Integration with McAfee Advanced Threat Defense (ATD) (requires NSP 8.x)


          How the CryptoLocker trojan is passed through the network does affect whether or not NSP (GTI) will be able to detect it. If the Malware is in an archive, then you will need NSP 7.5.x or above and integration with the NTBA Gateway Anti-Malware Engine in order to scan/detect the Malware, because GTI will not in this instance.


          NTBA is a separate product from NSP but a valid contract for NSP does include coverage/licensing/support for at least one (1) Virtual instance of NTBA.  ATD is a separate product as well.  For information on these products I recommend contacting a McAfee Sales Representative or McAfee Reseller.


          In summary, the NSP does not have an Alert/Attack Signature for this Malware but does have means to detect/take action (GTI) or integrate with other products (NTBA or ATD) to detect and take actions against Malware.