anjayani, posted May 24, 2022

Hello, why doesn't ESET DNA detection block STOP/Djvu ransomware variants, because we know this ransomware often creates new variants with different encrypted file extensions? And how does DNA detection actually work? Thanks,

Marcos (Administrators), posted May 24, 2022

Unfortunately it's not clear what you mean. Do you have an undetected sample of Filecoder.STOP? If so, please supply it to me or samples[at]eset,com in an archive encrypted with the password "infected".

anjayani (Author), posted May 24, 2022

We have been encrypted 3 times in a row (January, February, March) by this ransom with a different extension. All had ESET Endpoint Security installed, with a scheduled update only once a day. I know this setting will make the endpoint slightly late to update, but we need to. In my opinion, even though the endpoint is several update versions behind, ESET DNA detection should be able to prevent the threats that they already know, including the new variants. Is that correct? I just want to know, that's it. Thank you.

Marcos (Administrators), posted May 24, 2022

As far as I remember Filecoder.STOP always ran on a machine not protected by ESET and encrypted files in remote shares with write permissions for the logged in user. Please provide logs collected with ESET Log Collector from the machine.

peteyt (Most Valued Members), posted June 4, 2022

On 5/24/2022 at 8:29 AM, anjayani said:
> We have been encrypted 3 times in a row (January, February, March) by this ransom with a different extension. All had ESET Endpoint Security installed, with a scheduled update only once a day. I know this setting will make the endpoint slightly late to update, but we need to. In my opinion, even though the endpoint is several update versions behind, ESET DNA detection should be able to prevent the threats that they already know, including the new variants. Is that correct? I just want to know, that's it. Thank you.

If you have been encrypted 3 times you really should look at how you got infected in the first place. An antivirus can help, but you really need to look at your habits and those of your employers if you're part of a company, try to educate your staff and put in procedures, e.g. backups.

rotaru, posted June 5, 2022

12 hours ago, peteyt said:
> If you have been encrypted 3 times you really should look at how you got infected in the first place

True, but to be infected 3 times in 3 consecutive months while you are protected by ESET is discouraging...

Marcos (Administrators), posted June 5, 2022

Again, Filecoder.STOP has been typically seen on machines encrypting files in remote shares on which ESET was not running or where the attacker was able to kill ESET due to unpatched OS and the settings not protected by a password, or by not having detection of potentially unsafe applications enabled.

peteyt (Most Valued Members), posted June 5, 2022

11 hours ago, rotaru said:
> True, but to be infected 3 times in 3 consecutive months while you are protected by ESET is discouraging...

Problem is, without any information it is hard to really know the issue. As Marcos has also mentioned, are they up to date with patches etc.? Do they have the latest version of ESET?

TheStill, posted June 6, 2022

22 hours ago, rotaru said:
> True, but to be infected 3 times in 3 consecutive months while you are protected by ESET is discouraging...

Having an antivirus doesn't provide you with 100% protection. You still need to practice good cyber hygiene and even then it is all about lowering the odds. It sounds like you may benefit most from a simple cyber hygiene course. If you are a company it may be interesting to run a few fake scenarios on your employees to see what happens. You may find it is as simple as someone disabling the antivirus because it was blocking a website they were trying to access.

rotaru, posted June 6, 2022

13 hours ago, TheStill said:
> You may find it is as simple as someone disabling the antivirus

I have never seen so far, in a business environment, users having the permission to disable the antivirus. 100% this was not the case. On the other hand, ESET is known for a low level of protection against ransomware, especially "never seen before".

peteyt (Most Valued Members), posted June 7, 2022

20 hours ago, rotaru said:
> I have never seen so far, in a business environment, users having the permission to disable the antivirus. 100% this was not the case. On the other hand, ESET is known for a low level of protection against ransomware, especially "never seen before".

The problem is that a lot of people post about issues but never give enough information. Without more information it's hard to tell what happened to the user. For example, are they on the latest version of ESET? Sounds a simple question, but I've seen people posting about issues and they are using a version that's from years ago. Do they have remote access enabled, etc.?