[bdNOG] Let's have a try to protect our system from Ransomware

Mirza Rakib mmrakib at gmail.com
Sat May 13 13:23:57 BDT 2017


Let's have a try to protect our system from Ransomware.

IP blocking in IPS/Firewall:

Blocking access to domains from web security gateway:

DNS black listing:

Microsoft MS17-010 patched in Windows machines.

Regards,
Mirza Rakib