Windows 10: Block or Avoid LUCIFER Ransomeware or Malware detected on 24-06-2020

Discuss and support Block or Avoid LUCIFER Ransomeware or Malware detected on 24-06-2020 in AntiVirus, Firewalls and System Security to solve the problem; On 24-06-2020, recently some cybersecurity researchers found that LUCIFER ransomware attacked organization computers running Windows... Discussion in 'AntiVirus, Firewalls and System Security' started by RAJU.MSC.MATHEMATICS, Jul 13, 2020.

  1. Block or Avoid LUCIFER Ransomeware or Malware detected on 24-06-2020


    On 24-06-2020, recently some cybersecurity researchers found that LUCIFER ransomware attacked organization computers running Windows.


    The attack method is explained in the article below:

    https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybrid-malware/


    After reading the above article, I took the following precautions

    step 01

    I added the following entries to the hosts file, which is located in C:\windows\system32\drivers\etc\

    ## Beginning: Block LUCIFER ransomware website addresses, added on 24-06-2020
    #
    0.0.0.0 pool.supportxmr.com
    0.0.0.0 www.yzzswt.com
    0.0.0.0 gulf.moneroocean.stream
    # End: Block LUCIFER ransomware addresses ===============



    Also, I blocked the following remote IP addresses in Windows Advanced Firewall:

    3.0.193.200
    3.112.214.88
    3.253.40.188
    3.253.40.189
    35.163.175.186
    37.187.154.79
    37.187.95.110
    37.59.43.131
    37.59.43.136
    37.59.44.193
    37.59.44.68
    37.59.44.93
    37.59.45.174
    37.59.49.7
    37.59.51.212
    37.59.52.83
    37.59.54.205
    37.59.55.60
    37.59.56.102
    44.202.105.45
    45.125.194.18
    45.125.194.34
    45.32.24.80
    45.76.206.51
    45.77.31.97
    46.105.103.169
    47.101.30.124
    47.102.251.102
    47.102.39.92
    47.110.190.245
    47.110.199.70
    47.241.2.137
    47.244.176.59
    76.9.50.126
    78.46.89.102
    78.46.91.134
    78.46.91.171
    78.47.158.234
    88.99.193.240
    88.99.242.92
    91.121.140.167
    91.121.2.76
    91.121.87.10
    92.110.160.114
    94.130.12.27
    94.130.12.30
    94.130.164.60
    94.130.165.85
    94.130.165.87
    94.130.206.79
    94.23.206.130
    94.23.212.204
    94.23.23.52
    94.23.247.226
    94.23.41.130
    94.23.8.105
    95.179.220.100
    95.216.46.125
    103.101.30.10
    104.140.201.102
    107.178.104.10
    107.191.99.221
    107.191.99.95
    111.7.68.222
    116.203.61.78
    116.203.73.240
    116.211.169.162
    117.139.17.68
    139.180.131.153
    139.224.168.24
    139.224.20.173
    139.224.219.119
    139.99.100.250
    139.99.123.196
    139.99.124.170
    139.99.125.38
    139.99.72.56
    142.44.240.132
    149.202.214.40
    149.202.83.171
    149.28.17.136
    161.117.192.8
    172.104.91.217
    176.31.117.82
    176.9.2.144
    176.9.4.26
    176.9.53.68
    176.9.63.166
    178.128.107.204
    178.63.100.197
    178.63.48.196
    18.180.72.219
    183.201.229.131
    188.165.199.78
    188.165.214.76
    188.165.214.95
    188.165.254.85
    203.107.32.162
    203.107.40.49
    206.189.33.65
    210.1.226.51
    218.11.2.44
    223.167.166.51
    180.126.161.27
    210.112.41.71
    122.112.179.189
    121.206.143.140


    Also, I deleted all registry keys under:

    reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f
    reg.exe delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /f
    reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" /f
    reg.exe delete "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /f
    reg.exe delete "HKLM\Software\Microsoft\Windows\CurrentVersion\spreadCpuXmr" /f
    reg.exe delete "HKCU\Software\RealVNC\vncviewer\KnownHosts" /f
    reg.exe delete "HKCU\Software\RealVNC\vncviewer\MRU" /f
    reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\MAIN\Start Page" /f



    Block .exe, .dll, .txt and .html files using Software Restriction Policy (SRP) for the following folders:

    C:\ProgramData\
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\
    %ROOT PATH%
    %TEMP%
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    C:\Users\YOURUSERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Note:

    After blocking in SRP, some trusted applications are also blocked and cannot run; in that case, add exclusions in SRP.


    The source is taken from:

    https://unit42.paloaltonetworks.com/


    I thank the authors of that article, Ken Hsu, Durgesh Sangvikar, Zhibin Zhang and Chris Navarrete, for their detailed explanation of the ransomware.


    Thanks for reading my post. If you like it, please share it with other users and give upvotes.

    :)
     
    RAJU.MSC.MATHEMATICS, Jul 13, 2020
    #1
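The steps above (hosts-file sinkhole, firewall block of the listed remote IPs, and a look at the Run/RunOnce keys) can be applied from one PowerShell script. The following is an added example written for this page; it is not code from the original post or from the Unit 42 article. The domains and IP addresses are the ones listed in the post; the firewall rule display names, the hosts-file marker comment and the choice of one rule per direction are my own assumptions. The script is written so it can be re-run as the indicator list changes: it skips hosts entries that already exist and updates an existing rule instead of creating duplicates, and it lists the autostart values so each entry can be reviewed.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post or the Unit 42 article).
# Applies the hosts-file and firewall blocks described in the post so the
# script can be re-run safely, then lists Run/RunOnce values for review.
# Rule names and the hosts marker comment are constructed for this example.

$ErrorActionPreference = 'Stop'

# --- 1. hosts-file sinkhole for the domains named in the post ----------------
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$marker    = '# LUCIFER block 24-06-2020'     # constructed marker comment
$domains   = 'pool.supportxmr.com', 'www.yzzswt.com', 'gulf.moneroocean.stream'

$hostsLines = @(Get-Content -Path $hostsPath)
$raw        = Get-Content -Path $hostsPath -Raw
# If the file does not end with a newline, the first appended entry needs one.
$prefix = if ($raw -and -not $raw.EndsWith("`n")) { "`r`n" } else { '' }

foreach ($d in $domains) {
    # An active entry is "<address> <host>"; commented-out lines do not count.
    $pattern = '^\s*[0-9A-Fa-f.:]+\s+' + [regex]::Escape($d) + '(\s|$)'
    if ($hostsLines -match $pattern) {
        Write-Host "hosts: $d already present, skipping"
    } else {
        Add-Content -Path $hostsPath -Value "${prefix}0.0.0.0 $d $marker" -Encoding Ascii
        $prefix = ''
        Write-Host "hosts: added 0.0.0.0 $d"
    }
}

# --- 2. firewall: one block rule per direction for the post's IP list --------
$blockedIps = @'
3.0.193.200 3.112.214.88 3.253.40.188 3.253.40.189 35.163.175.186 37.187.154.79 37.187.95.110 37.59.43.131
37.59.43.136 37.59.44.193 37.59.44.68 37.59.44.93 37.59.45.174 37.59.49.7 37.59.51.212 37.59.52.83
37.59.54.205 37.59.55.60 37.59.56.102 44.202.105.45 45.125.194.18 45.125.194.34 45.32.24.80 45.76.206.51
45.77.31.97 46.105.103.169 47.101.30.124 47.102.251.102 47.102.39.92 47.110.190.245 47.110.199.70 47.241.2.137
47.244.176.59 76.9.50.126 78.46.89.102 78.46.91.134 78.46.91.171 78.47.158.234 88.99.193.240 88.99.242.92
91.121.140.167 91.121.2.76 91.121.87.10 92.110.160.114 94.130.12.27 94.130.12.30 94.130.164.60 94.130.165.85
94.130.165.87 94.130.206.79 94.23.206.130 94.23.212.204 94.23.23.52 94.23.247.226 94.23.41.130 94.23.8.105
95.179.220.100 95.216.46.125 103.101.30.10 104.140.201.102 107.178.104.10 107.191.99.221 107.191.99.95 111.7.68.222
116.203.61.78 116.203.73.240 116.211.169.162 117.139.17.68 139.180.131.153 139.224.168.24 139.224.20.173 139.224.219.119
139.99.100.250 139.99.123.196 139.99.124.170 139.99.125.38 139.99.72.56 142.44.240.132 149.202.214.40 149.202.83.171
149.28.17.136 161.117.192.8 172.104.91.217 176.31.117.82 176.9.2.144 176.9.4.26 176.9.53.68 176.9.63.166
178.128.107.204 178.63.100.197 178.63.48.196 18.180.72.219 183.201.229.131 188.165.199.78 188.165.214.76 188.165.214.95
188.165.254.85 203.107.32.162 203.107.40.49 206.189.33.65 210.1.226.51 218.11.2.44 223.167.166.51 180.126.161.27
210.112.41.71 122.112.179.189 121.206.143.140
'@ -split '\s+' | Where-Object { $_ } | Sort-Object -Unique   # -Unique drops any repeated address

foreach ($dir in 'Inbound', 'Outbound') {
    $name = "LUCIFER IoC block ($dir)"        # constructed rule name
    $rule = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    if ($rule) {
        # Refresh the address list on the existing rule instead of creating a second one.
        $rule | Set-NetFirewallRule -RemoteAddress $blockedIps
        Write-Host "firewall: updated '$name' with $($blockedIps.Count) addresses"
    } else {
        New-NetFirewallRule -DisplayName $name -Direction $dir -Action Block `
            -RemoteAddress $blockedIps -Profile Any -Enabled True | Out-Null
        Write-Host "firewall: created '$name' with $($blockedIps.Count) addresses"
    }
}

# --- 3. autostart review: list the values in the keys named in the post -------
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Name = $valueName; Command = $item.GetValue($valueName) }
    }
}
$entries | Format-Table -AutoSize

# The spreadCpuXmr key that the post deletes: report whether it exists.
$xmrKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\spreadCpuXmr'
if (Test-Path $xmrKey) { Write-Warning "found $xmrKey" } else { Write-Host "spreadCpuXmr key not present" }
```

Run it from an elevated PowerShell session. The hosts-file check matches on the host name rather than the full line, so an entry that already points the domain somewhere (for example to 127.0.0.1) is left alone rather than duplicated; the firewall section uses a single rule per direction because a rule's RemoteAddress list is easier to audit and refresh than one rule per address.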
  2. Le Boule Win User
    Le Boule, Jul 13, 2020
    #2
  3. Le Boule Win User
    malware detected

    I’m not sure what the “META” alert indicates.
    Let’s see if resolving the malware detection will fix it.

    The malware detection may be in a browser. Any new browser extensions that need to be disabled?

    Any new programs/apps just installed that might contain adware?

    Empty temporary internet files, restart the computer, manually update WD and run a Quick Scan.

    Anything new in Startup that needs to be disabled?

    If the malware detections continue suggest you try the following free independent scanners:

    AdwCleaner: AdwCleaner

    Emsisoft Emergency Kit: How to detect and remove threats using Emsisoft Emergency Kit | Emsisoft | Security Blog

    Other scanners that may help are listed at List of Malware Removal Tools


    AND/OR

    See Remove Viruses, Trojans & Malware from Windows PC (Free Guide)

    Note that you may need to reset your browsers - - -

    How To Reset Internet Explorer To Its Default Settings (2019 Guide)

    https://malwaretips.com/blogs/reset-chrome-settings/

    https://malwaretips.com/blogs/reset-firefox-settings/

    http://www.howtogeek.com/237527/how-to-reset-microsoft-edge-in-windows-10/

    If the issue continues open Defender, look in All Detected Items and copy the name of the malware and complete file path and tell us about the malware.

    You may also want to submit a copy of the file to VirusTotal for analysis:
    https://www.virustotal.com/

    Please post back in this thread if the malware issue continues.

    Good luck...

    http://blog.emsisoft.com/2015/01/27/top-10-ways-pups-sneak-onto-your-computer-and-how-to-avoid-them/
     
    Le Boule, Jul 13, 2020
    #3
  4. Block or Avoid LUCIFER Ransomeware or Malware detected on 24-06-2020

    Jsssssssss, Jul 13, 2020
    #4