Helpful ReplyHot!“Locky” ransomware

Page: < 12 Showing page 2 of 2
Author
MrSinners
Bronze Member
  • Total Posts : 46
  • Scores: 6
  • Reward points: 0
  • Joined: 2014/03/05 09:22:42
  • Status: offline
Re: “Locky” ransomware 2016/03/29 01:03:06 (permalink)
0
hanmyoehtet
Hi all,
I cant find locky.botnet IPS signature in my IPS signature list. The latest update for IPS is 29/3/2016. How can I verify if that signature is installed or not. Thanks.
 


It's not available in the IPS list, it's listed under Application Control. Choose 'Application Override' within an AC profile and search for Locky.
#21
terry.miesse
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/03/30 14:46:07
  • Status: offline
Re: “Locky” ransomware 2016/03/30 14:48:23 (permalink)
0

mmclaren@oneit.ca
I saw a site get infected with Locky on Monday.  They had the Fortigate Application Control setup to block the Botnet category just as SecurityPlus described in post #16.  This blocked Locky from retrieving it's encryption key so it didn't encrypt any files.  
 


I have this rule set up also, but I've had several instances get through.  Does this rule go on inbound or outbound traffic?  (Running on an inherited config...)


#22
bates@microagecs.com
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/07/22 11:29:34
  • Status: offline
Re: “Locky” ransomware 2016/04/05 06:02:24 (permalink)
0
terry.miesse

mmclaren@oneit.ca
I saw a site get infected with Locky on Monday.  They had the Fortigate Application Control setup to block the Botnet category just as SecurityPlus described in post #16.  This blocked Locky from retrieving it's encryption key so it didn't encrypt any files.  
 


I have this rule set up also, but I've had several instances get through.  Does this rule go on inbound or outbound traffic?  (Running on an inherited config...)






My coworker has experienced the same. App Control & AV Enabled on LAN to WAN with botnet blocked.
#23
Fahad
Bronze Member
  • Total Posts : 37
  • Scores: 0
  • Reward points: 0
  • Joined: 2011/07/19 06:15:06
  • Location: Kuwait
  • Status: offline
Re: “Locky” ransomware 2016/04/05 06:15:21 (permalink)
0
its under botnet check my screenshot attached

Attached Image(s)

#24
finjoe
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/11/13 04:23:59
  • Status: offline
Re: “Locky” ransomware 2017/11/13 23:38:12 (permalink)
0
Might be an easier way of doing this but here's what worked for me:
  1. Install letsencrypt on a box with tcp/80, tcp/443 open.
  2. Temporarily point the DNS A record of your SSL VPN at the box you're going to run letsencrypt on.
  3. Run letsencrypt-auto -d vpn.yoursite.com and when prompted choose the standalone server option.
  4. Undo step 2 by pointing your DNS A record back at your SSL VPN IP
  5. Grab your pems from /etc/letsencrypt/live/vpn.yoursite.com
FortiGate:
  1. System -> Config -> Certificates -> Import -> Local Certificate. Set type to Certificate. For certificate choose cert.pem and for key choose privkey.pem
  2. VPN -> SSL -> Settings. Change Server Certificate.
  3. Repeat process every 90 days
Here is the VPN Encryption Guide if you need any other configuration. 
#25
Page: < 12 Showing page 2 of 2
Jump to:
© 2017 APG vNext Commercial Version 5.5