
Which rule number in IPS will protect Ransomware - Reyptson

thaungtunzaw
Level 1

Hello,

I would like to ask: to protect against Reyptson Ransomware, which rule number do I need to disable?

Thanks.

1 Reply

Marvin Rhoads
Hall of Fame

The Indication of Compromise (IOC) for Reyptson is a malware file with SHA-256 hash of 

e6d549543863cd3eb7d92436739a66da4b2cc1a9d40267c4bb2b2fa50bf42f41

I got that information from:

http://www.securitynewspaper.com/2017/07/18/reyptson-ransomware-spams-friends-stealing-thunderbird-contacts/

That file would be detected as malware by an AMP file policy - not an IPS rule. So if you have AMP for Networks or AMP for Endpoints you would be protected.

I put the hash in my AMP console and confirmed that it has been identified as malware since 17 July based on multiple behavioral indicators from the Threatgrid sandbox.
