Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1088
Views
5
Helpful
2
Replies

Sourcefire Petya Ransomeware

Go to solution
ccg-security
Level 1
Level 1

‎06-27-2017 08:50 PM - edited ‎03-10-2019 06:52 AM

Hi Cisco Support!

May we know if Sourcefire can now block the latest trends Petya Ransomeware? What is the latest VDB/signature update on IPS?

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-28-2017 03:31 AM

As noted in the TALOS blog Leo linked - yes NGFW/NGIPS will prevent the compromise (assuming it is setup correctly).

The same Snort Rule Update (released back in April) that covered Microsoft's MS17-010 blocks the CnC traffic.

The incoming infection can be blocked by AMP if you have it licensed and a file protection policy in place.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card