Ranstop, how effective is it really against ransomware?

Read: https://temasoft.com/information/ranstop-stops-clop-ransomware/ :)
Read translated from Russian: https://translate.google.ru/translate?hl=ru&tab=wT&sl=ru&tl=en&u=https%3A%2F%2Fid-ransomware.blogspot.com%2F2019%2F02%2Fclop-ransomware.html

This in the light of the recent ransomware attack on Dutch Maastricht University:
https://securityaffairs.co/wordpress/95687/malware/maastricht-university-ransomware.html

Main line of infection: vulnerable MS Windows - all of the Windows DHCP servers, Exchange servers, domain controllers & Windows network disks were hit. Entry point as of now unknown.

polonus

L.S.

Strange that I cannot get any reactions here. This just seen from the enormous engulfment of ransomware against Microsoft OS lately.
With ransomware against firms and institutions that have to pay 1% of their annual income to buy keys to unlock their encrypted data >:( like Clop ransomware, malcreated by the Russian TA505 group, that could be identified by the server and methods they used.

Microsoft is not coming up with a Fix-it for this within foreseeable time, so mitigation of this threat is far away.
Going on like this everywhere around the planet, ransomware could cost us all our free Interwebz. Is that what you are waiting for?

Read: https://cybersecurity-excellence-awards.com/candidates/temasoft-ranstop/

polonus

When the threat comes in through the mail (PHISHING - ransomware), installing DMARC would certainly help.
Europol has already advised us to implement DMARC (Domain-based Message Authentication, Reporting & Conformance),
an email authentication protocol. A missed chance for organisations. Check: https://dmarcian.com/dmarc-inspector/
& https://dmarcian.com/phishing-scorecard/

polonus

In the recent Maastricht University Clop ransomware attack, Windows Defender Tamper Protection was not installed.
That way Windows Defender could be stopped from functioning.
Also, older versions of MBAM ransomware protection do not work to stop Clop.
MBAM version 4 is not vulnerable.

Also support this Dutch initiative together with Europol: https://www.nomoreransom.org/

polonus