
2 New hits - Mamba, Diablo6 and old Cerberware

Dear All,

Hope new variants of ransomware are getting floated now.

Does anyone have a clue whether signatures are available to block these in Check Point?

1) Diablo6: New Variant of Locky Ransomware

2) New variant of Mamba

3) Cerberware (This is older one)

Regards, Prabulingam.N

2 Replies
Employee+

Re: 2 New hits - Mamba, Diablo6 and old Cerberware

Please see: Threat Intelligence News 14 August 2017

"

The Mamba ransomware, which affected San Francisco’s Metro last year, has recently resurfaced and targeted corporations in Brazil and Saudi Arabia, according to researchers. The article includes a technical analysis of the ransomware.

Check Point Anti-Bot blade provides protection against this threat (Trojan-ransom.Win32.Mamba.*)

A new variant of the popular Locky ransomware named Diablo6 is being spread in a spam email campaign.

Check Point IPS and Anti-Bot blades provide protection against this threat (Suspicious Mail Attachment Containing JavaScript Code; Trojan-ransom.Win32.Locky.*; Operator.Locky)

"

Check Point Forensic Files: Cerber Ransomware Distribution using Office DOTM files:

Check Point Forensic Files: Cerber Ransomware Distribution using Office DOTM files | Check Point Blo... 


Re: 2 New hits - Mamba, Diablo6 and old Cerberware

Dear Ofir,

Thanks for the prompt response.

I can see signatures have been updated for Locky & Cerber in the Threat Prevention_Protections tab, as below:

(Trojan-Downloader.Win32.Cerber.*, Trojan-Ransom.Win32.Cerber.*, Trojan-Ransom.Win32.Locky.*, Trojan-Downloader.Win32.Locky.*)

But I am unable to see any signature in a search for Mamba in the Threat Prevention_Protections tab.

(Threat Wiki shows Trojan-ransom.Win32.Mamba.*)

Please help us out with the above.

Regards, Prabulingam.N
