From 63b72cdadec3d8cb8477dbcb6ee8525f10dcefbc Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Thu, 28 Dec 2017 13:28:49 +0100
Subject: [PATCH] add in preventive measures: blacklisting phone numbers

---
 clusters/preventive-measure.json | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/clusters/preventive-measure.json b/clusters/preventive-measure.json
index 2486c11..1f7c71c 100644
--- a/clusters/preventive-measure.json
+++ b/clusters/preventive-measure.json
@@ -245,6 +245,18 @@
       },
       "value": "Sysmon",
       "description": "Detect Ransomware in an early stage with new Sysmon 5 File/Registry monitoring"
+    },
+    {
+      "value": "Blacklist-phone-numbers",
+      "description": "Filter the numbers at phone routing level including PABX",
+      "meta": {
+        "refs": [
+          "https://wiki.freepbx.org/display/FPG/Blacklist+Module+User+Guide#BlacklistModuleUserGuide-ImportingorExportingaBlacklistinCSVFileFormat"
+        ],
+        "effectiveness": "Medium",
+        "impact": "Medium",
+        "complexity": "Low"
+      }
     }
   ],
   "name": "Preventive Measure",
@@ -255,5 +267,5 @@
   ],
   "description": "Preventive measures based on the ransomware document overview as published in https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml# . The preventive measures are quite generic and can fit any standard Windows infrastructure and their security measures.",
   "uuid": "1a8e55eb-a0ff-425b-80e0-30df866f8f65",
-  "version": 2
+  "version": 3
 }