
GoldenEye - Ransomware

 We are a bit concerned with the new variant of the GoldenEye ransomware making the rounds; we were wondering if Sophos is able to prevent or detect this particular ransomware. We searched the Sophos blogs and website, and we did find an article on how the ransomware works, but were not able to confirm whether the new variant is detected. If Sophos is able to detect it, what name is it detected as?



  • Hello Amol Patil,

    the first question is which product you are referring to by Sophos. Assuming you are talking about endpoint protection - while the basic AV is the same on all flavours, some have additional features which provide better protection.
    Anyway, "able to confirm whether the new variant is detected" - for this you'd have to be able to identify (describe, ideally provide a sample of) this new variant. Usually it's called a new variant when it is able to get past the defenses. Once AV vendors have obtained a sufficient number of samples and amended their detections, it's less and less likely that a particular strain ("variant of a variant") is successful.

    "what name it is detected"
    As you've probably read, ransomware (and a lot of malware as well) is not immediately delivered. If the actual ransomware is, say, sent as an attachment - well, that's the AV labs' dream. Vendors try to prevent the delivery of whatever malware; identifying the actual threat is the last chance to avert disaster. Thus, unless you want to tell your grandchildren "I had some ransomware and it has been stopped just in time", you'd rather not ever need to know its name [;)].

    Many AV vendors have complementary products which try to detect ransomware by its activity and to remediate its actions (by preserving a copy of a file until it's proven that it has not been maliciously modified). Even if you have one of these, you should have a reasonable backup strategy and periodically review your backup and restore procedures.

    It's usually just a few days during which the answer to this question is actually important. Before that, it's whether an unknown variant is blocked without a specific detection; afterwards, whether your AV is up to date.

    Christian
