Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Sensor: 2.0.4.9 and Higher
- Microsoft Windows: All Supported Versions
Question
What information is available for Carbon Black Cloud Products in relation to LockBit ransomware, and what guidance is there to ensure an organization is as protected as possible?
Answer
Additional Notes
- For Carbon Black Cloud, all of the listed IOCs are hashes and have been marked with malware reputations in the Cloud; customers do not need to add them directly to the Reputations page
- For reputation-based prevention, Sensor versions 2.0.4.9 and above will all receive current reputations for the IOCs/hashes (SHA256 only) and block based on Policy Rules related to their reputation(s) being present
- For added protections available using AMSI prevention, Sensors will need to be on v3.6.x.x or higher
Related Content
#CarbonBlackCloud#EndpointStandard