Ransomware

General discussions about Little Snitch
Jeffe01
Posts: 1
Joined: Sat Jan 14, 2017 3:23 am

Ransomware

Post by Jeffe01 » Sat Jan 14, 2017 3:27 am

Is Little Snitch effective against ransomware? If so, how do I set it up properly? If not, what's recommended?
Cheers.

hagen
Wizard
Posts: 594
Joined: Mon Feb 18, 2008 11:05 pm

Re: Ransomware

Post by hagen » Sun Jan 15, 2017 6:16 am

Ransomware generally needs to call home at some time in its installation process, and at that point Little Snitch can give warning of something going on. We need only be aware of what our computer normally does, and be alert for anything out of the ordinary.

It also depends upon some vulnerable software on the target computer. Adobe Flash, Adobe Reader, Java, Office macros, etc. Those who run a tight ship have little to worry about IMO.

Here's an example of Locky (on Windows, doesn't matter). There's nothing special about this one, it's just the first that popped up in a search.

https://nakedsecurity.sophos.com/2016/0 ... d-to-know/

Take note of how it installs:

The most common way that Locky arrives is as follows:

You receive an email containing an attached document (Troj/DocDl-BCF).
The document looks like gobbledegook.
The document advises you to enable macros “if the data encoding is incorrect.”
If you enable macros, you don’t actually correct the text encoding (that’s a subterfuge); instead, you run code inside the document that saves a file to disk and runs it.
The saved file (Troj/Ransom-CGX) serves as a downloader, which fetches the final malware payload from the crooks.
The final payload could be anything, but in this case is usually the Locky Ransomware (Troj/Ransom-CGW).
Two chances to stop this one. First, when it asks for macros to be enabled, and second when it calls home.
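
The "know what your computer normally does, alert on the rest" approach from the post above, as an added example that is not code from this thread or from Little Snitch: a small baseline-and-alert pass over outbound connection records. It learns which destinations each process normally contacts, then scores new records, weighting the Locky-style chain (a binary dropped in a temp directory, spawned by an Office process, talking to a raw IP). The record format, paths, hostnames and log lines are constructed for the example; the 203.0.113.0/24 address is a documentation range, not a real command-and-control host.

```python
"""Baseline outbound connections per process, then flag the out-of-the-ordinary.

Added example (not from the forum thread or Little Snitch). Record format is
constructed for this example: "<time>|<process path>|<parent path>|<dest>|<port>".
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Conn:
    ts: str
    process: str   # path of the binary that opened the connection
    parent: str    # path of the process that launched it
    dest: str      # hostname or IP literal
    port: int


def parse_line(line):
    ts, process, parent, dest, port = line.strip().split("|")
    return Conn(ts, process, parent, dest, int(port))


def learn_baseline(lines):
    """Map each process path to the (dest, port) pairs it was observed using."""
    baseline = defaultdict(set)
    for line in lines:
        c = parse_line(line)
        baseline[c.process].add((c.dest, c.port))
    return baseline


# Heuristics modelled on the macro -> dropper -> downloader chain described above.
OFFICE_PARENTS = ("Microsoft Word", "Microsoft Excel", "Microsoft PowerPoint")
TEMP_PREFIXES = ("/tmp/", "/private/tmp/", "/var/folders/", "/private/var/folders/")


def is_raw_ip(dest):
    try:
        ipaddress.ip_address(dest)
        return True
    except ValueError:
        return False


def assess(c, baseline):
    """Return (score, reasons) for one connection against the learned baseline."""
    score, reasons = 0, []
    if c.process not in baseline:
        score += 3
        reasons.append("never-seen process")
    elif (c.dest, c.port) not in baseline[c.process]:
        score += 1
        reasons.append("known process, new destination")
    if is_raw_ip(c.dest):
        score += 2
        reasons.append("raw IP destination")
    if c.process.startswith(TEMP_PREFIXES):
        score += 2
        reasons.append("binary runs from a temp directory")
    if c.parent.endswith(OFFICE_PARENTS):
        score += 3
        reasons.append("spawned by an Office document")
    return score, reasons


def review(baseline_lines, new_lines, threshold=2):
    """Alert on every new record whose score reaches the threshold."""
    baseline = learn_baseline(baseline_lines)
    alerts = []
    for line in new_lines:
        c = parse_line(line)
        score, reasons = assess(c, baseline)
        if score >= threshold:
            alerts.append({"process": c.process, "dest": f"{c.dest}:{c.port}",
                           "score": score, "reasons": reasons})
    return alerts


# Constructed sample data: a day of normal traffic, then a day with one dropper.
BASELINE = [
    "2017-01-14T09:00:01|/Applications/Safari.app/Contents/MacOS/Safari|/sbin/launchd|www.apple.com|443",
    "2017-01-14T09:00:05|/Applications/Mail.app/Contents/MacOS/Mail|/sbin/launchd|imap.example.com|993",
    "2017-01-14T09:02:10|/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word|/sbin/launchd|officecdn.microsoft.com|443",
]
NEW = [
    "2017-01-15T10:11:00|/Applications/Safari.app/Contents/MacOS/Safari|/sbin/launchd|www.apple.com|443",
    "2017-01-15T10:11:30|/Applications/Safari.app/Contents/MacOS/Safari|/sbin/launchd|news.example.org|443",
    "2017-01-15T10:12:02|/private/tmp/invoice_helper|/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word|203.0.113.5|80",
]

if __name__ == "__main__":
    for alert in review(BASELINE, NEW):
        print(alert)
```

With the threshold at 2, a browser reaching a new site scores 1 and stays quiet (that is normal browsing), while the dropper spawned by Word from /private/tmp scores 10 on four independent reasons. Raising or lowering the threshold is the same trade-off a Little Snitch user makes when deciding how many "new connection" prompts to tolerate.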

JammieR
Posts: 10
Joined: Thu Aug 17, 2017 4:52 pm

Re: Ransomware

Post by JammieR » Thu Aug 17, 2017 5:22 pm

Firstly turn on FileVault (software).
Secondly, turn on the Firewalls, it's built in.
Thirdly, buy Little Snitch and keep an eye on outgoing network traffic.
Lastly, do a search for "hardening OS X" on your favorite search site. You'll find some good how to guides.
