Kaseya Community

Cryptolocker - KAM doesn't detect it, but the free MBAM does....

This question is not answered

We purchased a whole bunch of KAM thinking it would protect our client from cryptolocker after they had 1 incident the week before, however KAM doesn't seem to detect it. When you remove KAM and install the free MBAM it does...

What gives? Anyone have the same issue?

All Replies
  • Thanks for the feedback; I have passed it to the KAM specialists.

    Please note that the only thing that protects 100% against Cryptolocker (and other similar nasty malware) is user education which revolves around one simple rule:

    >> Don't open random attachments and do not double-click the file within to install <<

    Here are a few resources you can review (please note Kaseya do not endorse or support the tools or utilities mentioned in these posts):

    community.kaseya.com/.../19104.aspx

    community.kaseya.com/.../19070.aspx

    www.bleepingcomputer.com/.../cryptolocker-ransomware-information

    A new version of KAM will be released with the Winter Update - see our Roadmap for details: community.kaseya.com/.../roadmap.aspx

    Hope it helps,

    Amado

  • Silverstorm, my company is having the exact same issues you are. Here is what we've found by testing in our Sandbox environment:

    1. Only the consumer edition of Malwarebytes basic or Pro detects the Cryptolocker virus.

    2. The consumer edition of Malwarebytes Pro does detect the Cryptolocker virus with the realtime scanning feature and blocks the virus prior to it installing.

    3. It doesn't matter if KAM is on the latest definition; it still will not detect the virus. We tested multiple times.

    4. When Cryptolocker infects the machine, it comes in with a possible zero access rootkit that corrupts the KAV local dats to corrupt the anti-virus. (Unfortunately we don't have an original sample of the Cryptolocker that does this.) When this happens the virus begins to infect the machine after about 3-5 minutes usually (time can vary), during which KAM will not detect it with a full system scan at all, and the realtime scanning that KAM has does not detect the virus.

    5. We believe that the issue is with the scan engine being used by KAM. Currently KAM uses version 1.50, while the consumer edition of Malwarebytes uses scan engine 1.75. Malwarebytes tested on their end and stated that their version 1.50 does detect the virus. This part might change as they troubleshoot the issue with us.

    Currently our case has been escalated by Kaseya to Malwarebytes for resolution. We are waiting to hear back from Kaseya on this.

  • That's too bad to hear. I just got through telling a lot of my sales guys and engineers that KAM uses MBAM Pro, which according to Malwarebytes would be one of the few scanners that would detect and block Cryptolocker before it can take hold (blog.malwarebytes.org/.../cryptolocker-ransomware-what-you-need-to-know). Hearing this news that it cannot do this in KAM is rather sad, as I now have to go back to these guys and tell them that it actually doesn't do this.