Alex Cox

Ransomware Indicators added to RSA LIVE

Blog Post created by Alex Cox Employee on Jun 3, 2016

You asked and we listened! 

 

Ransomware continues to be a significant threat to our customers, so this is a very timely addition.  Abuse.ch has added a ransomeware tracker which tracks the following families of ransomware:

 

TeslaCrypt

CryptoWall

TorrentLocker

PadCrypt

Locky

CTB-Locker

FAKBEN

PayCrypt

 

We’ve added these indicators to the following feeds in LIVE:

 

Third Party IOC Domains

Third Party IOC IPs

 

They can be located with the following pivot in the Security Analytics UI:

 

Threat.category = “abuse.ch ransomware”

 

Happy Hunting!

 

RSA-FirstWatch

Outcomes