nexxai / CryptoBlocker

A script to deploy File Server Resource Manager and associated scripts to block infected users
GNU General Public License v2.0

Possible error in the ransomware filelist #72

Closed pizzablitz closed 5 years ago

pizzablitz commented 5 years ago

Hello, the following entry is incorrect in the filelist: https://fsrm.experiant.ca/

*.2lwnPp2B
89f35f20af62201010e3218a22c50ed6994c79fb6f9f2210fd55203e6e6b01a1

The second line seems to be a SHA256 hash. The JSON file contains a \n and this leads to a line break.

Regards Pizzablitz
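A consumer-side check for the defect reported above, as an added example that is not part of the original thread or of the CryptoBlocker project: it parses a feed and sets aside entries that carry an embedded line break or a bare hex digest before they reach an FSRM file group. The top-level `filters` key, the function names and the sample feed are assumptions constructed for illustration; the hex-digest test is a heuristic.

```python
import json
import re

# Constructed sample reproducing the reported defect: a single JSON string
# holding a pattern, an escaped "\n", and a SHA-256 digest. The "filters"
# key and the other three patterns are assumptions, not the real feed.
SAMPLE_FEED = r'''{"filters": ["*.locky",
 "*.2lwnPp2B\n89f35f20af62201010e3218a22c50ed6994c79fb6f9f2210fd55203e6e6b01a1",
 "*.crypt", "_readme_decrypt.txt"]}'''

CONTROL_CHAR = re.compile(r"[\x00-\x1f\x7f]")
# Heuristic: a line made only of 32+ hex digits is a hash, not a file pattern.
HEX_DIGEST = re.compile(r"^[0-9a-fA-F]{32,128}$")


def check_entry(entry):
    """Return the reasons an entry is unfit as a file-name pattern."""
    if not isinstance(entry, str) or not entry.strip():
        return ["not a non-empty string"]
    problems = []
    if CONTROL_CHAR.search(entry):
        problems.append("embedded control character (line break)")
    # Inspect each physical line, since the importer would see them separately.
    if any(HEX_DIGEST.match(part.strip()) for part in re.split(r"[\r\n]+", entry)):
        problems.append("contains a bare hex digest")
    return problems


def split_feed(raw_json, key="filters"):
    """Parse the feed; return (clean, rejected). Bad entries are never repaired."""
    clean, rejected = [], []
    for entry in json.loads(raw_json)[key]:
        problems = check_entry(entry)
        if problems:
            rejected.append((entry, problems))
        else:
            clean.append(entry)
    return clean, rejected


if __name__ == "__main__":
    clean, rejected = split_feed(SAMPLE_FEED)
    print("import:", clean)
    for entry, problems in rejected:
        print("reject:", repr(entry), "->", "; ".join(problems))
```

Rejected entries are reported rather than split or trimmed, so a malformed record is surfaced to the list maintainer instead of being silently imported in part.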

nexxai commented 5 years ago

Nice catch! I've removed it from the list.

Thanks for letting us know!

pizzablitz commented 5 years ago

Hi Justin

That's no joke. What should I do? It really seems to be a bug in the ransomware filelist. Who can help me?

Friendly greetings Heinrich

From: "Justin Smith" notifications@github.com To: "nexxai/CryptoBlocker" CryptoBlocker@noreply.github.com Cc: "pizzablitz" heinrich.appert@luks.ch, "Author" author@noreply.github.com Date: 07.02.2019 17:42 Subject: Re: [nexxai/CryptoBlocker] Possible error in the ransomware filelist (#72)

Closed #72.

nexxai commented 5 years ago

Hi Heinrich,

I absolutely wasn't joking - I really removed it from the list!

If you go to https://fsrm.experiant.ca/api/v1/combined and search for that sha256 string, it shouldn't be there. If it's still showing up, it could be a caching issue, but I definitely removed it.

See this screenshot showing the DB table (note that the bad one has an entry in the "deleted_at" column):

[Screenshot: screen shot 2019-02-07 at 9 54 53 am]

pizzablitz commented 5 years ago

Hi Justin

Oh sorry. Excuse me. I thought because the github entry disappeared, that you thought it was a joke. Thank you for the quick support. You are my hero of the day. Many Thanks.

Kind regards Heinrich


nexxai commented 5 years ago

Nope, definitely not a joke - I just take this stuff super serious. If someone reports a problem, I drop what I'm doing and work on it (provided I am not driving at the time or whatever).

I'm just glad you find it useful.

Have a great day!