
ESET DNA DETECTION vs stop/djvu ransomware



Hello, why doesn't ESET DNA detection block STOP/Djvu ransomware variants? We know this ransomware often creates new variants with different encrypted file extensions.

And how does DNA detection actually work?

Thanks,


  • Administrators

Unfortunately it's not clear what you mean. Do you have an undetected sample of Filecoder.STOP? If so, please supply it to me or samples[at]eset,com in an archive encrypted with the password "infected".


We have been encrypted by this ransomware 3 times in a row (January, February, March), with a different extension each time. All machines have ESET Endpoint Security installed, with a scheduled update only once a day. I know this setting makes the endpoint slightly late to update, but we need to.

In my opinion, even though the endpoint is several update versions behind, ESET DNA detection should be able to prevent the threats that they already know, including the new variants. Is that correct?
I just want to know, that's it.

Thank you


  • Administrators

As far as I remember Filecoder.STOP always ran on a machine not protected by ESET and encrypted files in remote shares with write permissions for the logged in user.

Please provide logs collected with ESET Log Collector from the machine.


  • 2 weeks later...
  • Most Valued Members
On 5/24/2022 at 8:29 AM, anjayani said:

We have been encrypted by this ransomware 3 times in a row (January, February, March), with a different extension each time. All machines have ESET Endpoint Security installed, with a scheduled update only once a day. I know this setting makes the endpoint slightly late to update, but we need to.

In my opinion, even though the endpoint is several update versions behind, ESET DNA detection should be able to prevent the threats that they already know, including the new variants. Is that correct?
I just want to know, that's it.

Thank you

If you have been encrypted 3 times you really should look at how you got infected in the first place.

An antivirus can help, but you really need to look at your habits and those of your employers if you're part of a company. Try to educate your staff and put in procedures, e.g. backups.


12 hours ago, peteyt said:

If you have been encrypted 3 times you really should look at how you got infected in the first place

True, but to be infected 3 times in 3 consecutive months, while you are protected by ESET is discouraging.....


  • Administrators

Again, Filecoder.STOP has been typically seen on machines encrypting files in remote shares on which ESET was not running or where the attacker was able to kill ESET due to unpatched OS and the settings not protected by a password, or by not having detection of potentially unsafe applications enabled.


  • Most Valued Members
11 hours ago, rotaru said:

True, but to be infected 3 times in 3 consecutive months, while you are protected by ESET is discouraging.....

Problem is, without any information it is hard to really know the issue. As Marcos has also mentioned, are they up to date with patches etc.? Do they have the latest version of ESET?


22 hours ago, rotaru said:

True, but to be infected 3 times in 3 consecutive months, while you are protected by ESET is discouraging.....

Having an antivirus doesn't provide you with 100% protection. You still need to practice good cyber hygiene and even then it is all about lowering the odds. 

It sounds like you may benefit most from a simple cyber hygiene course. If you are a company it may be interesting to run a few fake scenarios on your employees to see what happens. You may find it is as simple as someone disabling the antivirus because it was blocking a website they were trying to access. 


13 hours ago, TheStill said:

You may find it is as simple as someone disabling the antivirus

I have never seen, so far, users in a business environment having the permission to disable the antivirus. 100% this was not the case.

On the other hand, ESET is known for a low level of protection against ransomware, especially "never seen before".


  • Most Valued Members
20 hours ago, rotaru said:

I have never seen, so far, users in a business environment having the permission to disable the antivirus. 100% this was not the case.

On the other hand, ESET is known for a low level of protection against ransomware, especially "never seen before".

The problem is that a lot of people post about issues but never give enough information. Without more information it's hard to tell what happened to the user.

For example, are they on the latest version of ESET? It sounds like a simple question, but I've seen people posting about issues while they are using a version that's from years ago. Do they have remote access enabled, etc.?
