Hi everyone,
New to Meraki and the community forum 😊.
We've been seeing this malware-cnc alert (MALWARE-CNC Win.Ransomware.Lockergoga binary download attempt) for a few weeks, matching Snort rule SID 1-4967. The MX events show an IDS alert with the action "blocked". When checking the source IPs, they all appear to be affiliated with Microsoft. The events also started around the same time we pushed out Win 11 upgrades.
I was wondering if anyone else has been seeing these security events in their Security Center or has been affected by this, and what actions were taken to resolve the issue.
Any help greatly appreciated.
Sincerely,
Khesar
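One way to sanity-check the "affiliated with Microsoft" observation from the post above, as an added example that is not part of the original thread: take the alert source IPs and test them against a list of Microsoft-published address ranges. The IPs and CIDR ranges below are constructed placeholders for illustration only; for a real check, replace them with the ranges from Microsoft's "Azure IP Ranges and Service Tags" download and the documented Windows Update endpoints. Function names are my own.

```powershell
# Added example: test IDS alert source IPs against a CIDR allow-list (IPv4 only).
# All IPs and ranges here are constructed sample data, not from the original post.

function ConvertTo-IPv4UInt32 ([string]$Ip) {
    # GetAddressBytes() is big-endian; BitConverter is little-endian on x86, so reverse first.
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    if ($bytes.Length -ne 4) { throw "Only IPv4 is handled in this example: $Ip" }
    [Array]::Reverse($bytes)
    return [BitConverter]::ToUInt32($bytes, 0)
}

function Test-IPv4InCidr ([string]$IPAddress, [string]$Cidr) {
    $network, $prefix = $Cidr -split '/'
    $prefix = [int]$prefix
    if ($prefix -lt 0 -or $prefix -gt 32) { throw "Bad prefix length in $Cidr" }
    # Mask = top $prefix bits set; 2^32 - 2^(32-prefix) is exact in a double for this range.
    $mask = [uint32]([math]::Pow(2, 32) - [math]::Pow(2, 32 - $prefix))
    $ipInt  = ConvertTo-IPv4UInt32 $IPAddress
    $netInt = ConvertTo-IPv4UInt32 $network
    return (($ipInt -band $mask) -eq ($netInt -band $mask))
}

function Get-AlertSourceClassification {
    param(
        [string[]]$AlertSources,   # source IPs pulled from the MX IDS events
        [string[]]$KnownRanges     # CIDRs from the vendor's published list (placeholder here)
    )
    foreach ($src in $AlertSources) {
        $hit = $KnownRanges | Where-Object { Test-IPv4InCidr -IPAddress $src -Cidr $_ } | Select-Object -First 1
        [pscustomobject]@{
            SourceIP     = $src
            InKnownRange = [bool]$hit
            MatchedCidr  = if ($hit) { $hit } else { '-' }
        }
    }
}

# Constructed sample data (NOT real alert data and NOT Microsoft's real ranges).
$sampleAlertSources = @('203.0.113.10', '203.0.113.200', '198.51.100.7')
$sampleKnownRanges  = @('203.0.113.0/25', '192.0.2.0/24')

Get-AlertSourceClassification -AlertSources $sampleAlertSources -KnownRanges $sampleKnownRanges |
    Format-Table -AutoSize
```

With the constructed data, 203.0.113.10 lands inside 203.0.113.0/25 and the other two do not. A hit in a published range only tells you the destination owner, not that the download was benign: a matching source range plus a timing correlation with the Windows 11 rollout is a reasonable basis for treating the signature as a false positive, but confirm it against the client's own update history (for example the Windows Update log on an affected machine) before allow-listing anything on the MX.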
Have you opened a case with support?
I'd consider MS Windows malware as well 😂. Were you successful in your Windows upgrades? Because if the log is reporting that the traffic was blocked, I would assume that you had issues upgrading.
It's a good reminder to make sure your client devices run some form of antivirus software as well.
Hi @BlakeRichardson - Thanks for your response. Yes, when we blocked the IP addresses, the Win 11 upgrade stopped. Are you guys running Win 11 as well?
Thanks,
Khesar
Only because MS are forcing it. Yes, you can stop the upgrades by editing GP or the registry, but 98% of the devices on my network are Macs, so it's not a big issue for me.
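For the registry route mentioned in the reply above, as an added example that is not from the original thread: Microsoft's "Select the target Feature Update version" policy is backed by the `TargetReleaseVersion`, `TargetReleaseVersionInfo` and `ProductVersion` values under `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate`. Setting them pins a Windows 10 device to a given feature update so it stops offering Windows 11. The release string `22H2` is an assumption for illustration; the script and function names are my own.

```powershell
# Added example: pin a Windows 10 client to a specific feature update so Windows Update
# stops offering the Windows 11 upgrade. Run elevated. The policy keys below are the
# documented "Select the target Feature Update version" policy; "22H2" is an assumed target.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Set-FeatureUpdateTarget {
    param(
        [string]$ProductVersion = 'Windows 10',   # product to stay on
        [string]$ReleaseVersion = '22H2'          # assumed target release; adjust to your baseline
    )
    if (-not (Test-Path $policyKey)) {
        New-Item -Path $policyKey -Force | Out-Null
    }
    # TargetReleaseVersion=1 enables the policy; the two strings select product and release.
    New-ItemProperty -Path $policyKey -Name 'TargetReleaseVersion'     -PropertyType DWord  -Value 1               -Force | Out-Null
    New-ItemProperty -Path $policyKey -Name 'ProductVersion'           -PropertyType String -Value $ProductVersion -Force | Out-Null
    New-ItemProperty -Path $policyKey -Name 'TargetReleaseVersionInfo' -PropertyType String -Value $ReleaseVersion -Force | Out-Null
}

function Get-FeatureUpdateTarget {
    # Returns the current pin, or $null when the policy is not set.
    if (-not (Test-Path $policyKey)) { return $null }
    $p = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    if ($null -eq $p -or $p.TargetReleaseVersion -ne 1) { return $null }
    [pscustomobject]@{
        ProductVersion = $p.ProductVersion
        Release        = $p.TargetReleaseVersionInfo
    }
}

function Remove-FeatureUpdateTarget {
    # Undo the pin so feature updates (including Windows 11) are offered again.
    foreach ($name in 'TargetReleaseVersion', 'ProductVersion', 'TargetReleaseVersionInfo') {
        Remove-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue
    }
}

Set-FeatureUpdateTarget -ProductVersion 'Windows 10' -ReleaseVersion '22H2'
Get-FeatureUpdateTarget | Format-List
```

The same three values are what the Group Policy setting under Computer Configuration > Administrative Templates > Windows Components > Windows Update writes, so on domain-joined machines prefer the GPO and use the script only for standalone devices; a GPO refresh will overwrite local edits. Note that this pins the feature update only, so quality and security updates still flow, and a pin to a release that has reached end of servicing leaves the device without patches, so the target must be revisited before that date.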