CryptoBlocker

includelist.txt, similar to skiplist.txt, but list of files to screen

Open aggie96 opened this issue 7 years ago • 6 comments

I would like to see some sort of includelist.txt functionality, similar to skiplist.txt, but a list of files to screen while waiting on file extension submission to be approved.

For example, a nearby county government system was hit today by a LockCrypt variant. In researching what happened, the .lock extension was brought to my attention by this link:

https://www.bleepingcomputer.com/news/security/lockcrypt-ransomware-crew-started-via-satan-raas-now-deploying-their-own-strain/

I have submitted the extension via https://fsrm.experiant.ca/, but while waiting for them to approve it, I would like to add it to an include list and re-run my script across all of our servers through our MSP software so that I get the protection immediately instead of waiting for a day or two.

Thank you for your consideration.

Mark

aggie96 avatar Dec 06 '17 22:12 aggie96

Hi there, I like the idea for an includelist (please feel free to code this up and submit it as a pull request to be integrated into the public version), however specifically regarding your comment about the *.lock extension, due to its ambiguity and wide-ranging potential for disruption, without a solid case from the community, we won't approve it.

nexxai avatar Dec 06 '17 22:12 nexxai

OK with Nexxai: the extension needs to be approved, but I also like the idea of a manual include, even if it needs really close management.

davidande avatar Dec 06 '17 22:12 davidande

Makes sense. That makes the includelist even more important for ambiguous extensions that won't work for the public but would work for me.

I'll admit, I am a bit ignorant about how GitHub works. I also coded functionality to include the skiplist in the text of the script itself so that I could run it via my script engine in my MSP software, but was afraid to try to post it since I am too lazy to figure out how the pull request functionality worked. I'll get off my lazy duff and figure it out! ;-)

aggie96 avatar Dec 06 '17 22:12 aggie96

I also don't know how to. Just post it here :-)

davidande avatar Dec 06 '17 22:12 davidande

Okay, I overcame my laziness, but I couldn't overcome my stupidity and figure out the pull process. Here is the code in case I can't join the 21st century and figure out this git thing.

This includes the maintaining of the skiplist in the code for deployment across multiple servers without having to create and update skiplist.txt file on each server (it does still create skiplist.txt each time which could be removed), and the inclusion of an includelist.

deployandmaintaincryptoblocker.txt

aggie96 avatar Dec 07 '17 01:12 aggie96

It looks like in the attachment that there are changes other than just the IncludeList ... also, it looks like the IncludeList is hard-coded into the script. The patch I attached above only implements the IncludeList feature and does so by using an external file (IncludeList.txt) rather than hard-coding the screen list.

StarDestroyer78 avatar Jan 11 '18 22:01 StarDestroyer78
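
The external-file approach discussed in this thread, sketched as an added example (not code from the thread, its attachments or the CryptoBlocker project). The function name `Merge-ScreenPatterns`, its parameters, the `#` comment convention in the list files and all sample patterns are assumptions made for illustration.

```powershell
# Added example; function name, parameters and sample data are hypothetical.
function Merge-ScreenPatterns {
    param(
        [string[]]$Downloaded = @(),                 # patterns from the public list
        [string]$IncludeListPath = '.\IncludeList.txt',
        [string]$SkipListPath    = '.\SkipList.txt'
    )
    # Read a list file: one pattern per line; blank lines and '#' comments are ignored.
    function Read-PatternFile([string]$Path) {
        if (-not (Test-Path -LiteralPath $Path)) { return @() }
        Get-Content -LiteralPath $Path |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ -and -not $_.StartsWith('#') }
    }
    $include = @(Read-PatternFile $IncludeListPath)
    $skip    = @(Read-PatternFile $SkipListPath)
    # A local pattern made only of wildcards and dots would screen every file; drop it.
    $include = @($include | Where-Object {
        if ($_ -match '^[\*\?\.]+$') { Write-Warning "Ignoring overly broad pattern '$_'"; $false }
        else { $true }
    })
    # Union of the public list and local includes (de-duplicated, case-insensitive),
    # minus anything on the skip list, so a skip entry always wins.
    $merged = @($Downloaded) + $include | Sort-Object -Unique
    @($merged | Where-Object { $skip -notcontains $_ })
}

# Constructed sample data (not the real public list).
$dir = Join-Path ([IO.Path]::GetTempPath()) 'cb-include-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path (Join-Path $dir 'IncludeList.txt') -Value '# local additions', '*.lock', '*.*'
Set-Content -Path (Join-Path $dir 'SkipList.txt')    -Value '*.sample2'
$patterns = Merge-ScreenPatterns -Downloaded '*.sample1', '*.sample2' `
    -IncludeListPath (Join-Path $dir 'IncludeList.txt') `
    -SkipListPath    (Join-Path $dir 'SkipList.txt')
$patterns
# The merged list is what would be handed to the FSRM file group update,
# e.g. Set-FsrmFileGroup -Name '<your file group>' -IncludePattern $patterns
```

Keeping the local additions in a separate file means a site-specific pattern such as `*.lock` never has to be accepted into the public list, and removing it later is a one-line change on the servers that opted in.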