1 Reply Latest reply on Sep 15, 2016 2:28 PM by HermanSchenk

    HDDcryptor ransomware

    somd55

      Has anyone heard of this or faced an issue with getting encrypted by it? According to TrendMicro, it infects as Ransom_HDDCryptor.A and, as the name implies, encrypts the HDD, and then comes the ransom demand, etc.

      Here is a link I found from TrendMicro:

      TrendLabs Security Intelligence Blog: BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and …

      Any input on how to stop/avoid this will be welcome.

      Thanks,

      SD

        • 1. Re: HDDcryptor ransomware
          HermanSchenk

          Hi, you can use VirusScan Access control or EP 10.2 DAC to avoid:

          • connections on port 80 from PEs running in %temp% folders,
          • execution of DLLs from %temp%,
          • execution of scripts (e.g. JS, WFS, bat),
          • creation of DLLs in a %temp% folder.
          • From your email server anti-spam solution, block attachments with script files...
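
As an added example (not part of the original reply, and not McAfee rule syntax), the sketch below dry-runs the five conditions listed in the reply against constructed endpoint and mail events, the kind of check worth doing on collected telemetry before switching such rules to block mode. The event schema, rule names, temp-path markers and extension set are assumptions made for illustration.

```python
import ntpath

# Assumed temp locations; real products expand %temp% per user profile.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
# Assumed script extensions, based on the examples given in the reply.
SCRIPT_EXTS = {".js", ".wsf", ".bat"}

def in_temp(path):
    """True if the Windows path sits under one of the assumed temp folders."""
    p = path.lower().replace("/", "\\")
    return any(marker in p for marker in TEMP_MARKERS)

def ext(path):
    """Lower-cased file extension of a Windows path."""
    return ntpath.splitext(path.lower())[1]

def evaluate(event):
    """Return the (hypothetical) name of the rule that would block the event, or None."""
    kind = event["type"]
    if kind == "net_connect" and event["port"] == 80 and in_temp(event["image"]):
        return "port80-from-temp-pe"
    if kind == "image_load" and ext(event["target"]) == ".dll" and in_temp(event["target"]):
        return "dll-exec-from-temp"
    if kind == "process_start" and ext(event["target"]) in SCRIPT_EXTS:
        return "script-exec"
    if kind == "file_create" and ext(event["target"]) == ".dll" and in_temp(event["target"]):
        return "dll-create-in-temp"
    if kind == "mail_attachment" and ext(event["target"]) in SCRIPT_EXTS:
        return "mail-script-attachment"
    return None

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"type": "net_connect", "image": r"C:\Users\a\AppData\Local\Temp\x1.exe", "port": 80},
    {"type": "net_connect", "image": r"C:\Program Files\Browser\browser.exe", "port": 80},
    {"type": "file_create", "target": r"C:\Users\a\AppData\Local\Temp\lib.dll"},
    {"type": "image_load", "target": r"C:\Windows\System32\kernel32.dll"},
    {"type": "process_start", "target": r"C:\Users\a\Downloads\invoice.js"},
    {"type": "mail_attachment", "target": "report.pdf"},
]

def audit(events):
    """Evaluate every event; hits show what a rule would block, None what it leaves alone."""
    return [evaluate(e) for e in events]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, audit(SAMPLE_EVENTS)):
        print(verdict or "allow", event)
```

Events that return a rule name for software you know to be legitimate (installers and updaters often unpack DLLs into %temp%) are the exclusions to settle before enforcing.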