App Review More Fun with Ransomware Part 2


Deleted member 2913

Does this malware affect programs like Rollback, AX64, etc.? I mean, with an infection by this malware, is it possible to restore the system with the installed RB, AX64, etc.?

Would be good to see a test on the above mentioned software.

And it would be good to see a test of VoodooShield's different Protection Modes.
 

cruelsister

AppGuard is a finely coded security application, no doubt, and would stop stuff like this. The only issue I have with AppGuard (or any anti-exe) is that when AG is confronted by an unknown, the user will get a popup where he/she must choose whether or not to run the file. An incorrect decision will end in tears.
 

hjlbx

AppGuard is a finely coded security application, no doubt, and would stop stuff like this. The only issue I have with AppGuard (or any anti-exe) is that when AG is confronted by an unknown, the user will get a popup where he/she must choose whether or not to run the file. An incorrect decision will end in tears.

BRN changed it. It is just block notification. User now has to go through hidden UI to allow.

Still, handing AppGuard to a novice with a not-so-great help file is... well, it just ain't gonna turn out so well for some. Virtualization is much easier for the vast majority of users.
 

_CyberGhosT_

@CruelSis, the new Teslacrypt 4 is reported to be unbreakable and a horror to stop. Can't wait for a test of that one. The way things are going I am going to have to keep my PC in a bubble lol. PeAcE
 

bob974

Lock-Down Mode - block execution of any ransomware

Protected (Medium) Mode - block execution of all unsigned ransomware; digitally signed ransomware will execute and encrypt the C:\ProgramData and C:\Users\User directories. The ransom file can perform other actions in those directories depending on what it was coded to do.

I am still searching for digitally signed ransomware to verify.
It would be interesting to test it...
 

hjlbx

It would be interesting to test it...

Most advanced users just run AppGuard in Lock-Down mode. A few use Protected Mode. It doesn't really matter too much which policy is enforced if the user never introduces new files to their system and attempts to execute them.

Infection is much more likely the result of user mistake or carelessness when using AppGuard. Once you learn how to use it, you are much less likely to screw up.

Anyhow, this is kinda off-topic and I will leave it at that.
 

Der.Reisende

@cruelsister: Great vid as always, thank you for Part II :) Seems as if ransomware is becoming the biggest threat today. However, it has one good aspect: more and more people will be forced to do backups - even if they were too lazy in the past :)
Thank you for sharing :)
 

Der.Reisende

I can't see this video... Why? Now I can view it, but the first time I tried from YouTube it gave me an error.
It asked me to view it on YouTube only, due to the music content used in the background (the copyright owner disallows showing it from embedded sources like MT).

EDIT: @TheMalwareMaster: Maybe due to my German IP.
 


TheMalwareMaster

It asked me to view it on YouTube only, due to the music content used in the background (the copyright owner disallows showing it from embedded sources like MT).
Thank you, I could only view it at MT instead... And what about the Bitdefender anti-ransomware module included in Bitdefender 2016?
 

cruelsister

Cyber- I actually was just sent a Tesla4 file this morning by a former colleague. It is curious that the files (docs, photos, etc.) retain their original file extension while still being encrypted. So far I have just infected a few machines for giggles and really don't see it as any great advance. Although I'm sure the usual suspects will call this THE WORST THING EVER, personally I'll take a Tesla any day over a Winlocky.
 

enaph

Lock-Down Mode - block execution of any ransomware

Protected (Medium) Mode - block execution of all unsigned ransomware; digitally signed ransomware will execute and encrypt the C:\ProgramData and C:\Users\User directories. The ransom file can perform other actions in those directories depending on what it was coded to do.

I am still searching for digitally signed ransomware to verify.
But is there any digitally signed ransomware in the wild?
 

cruelsister

The ESET detections (aside from the desktop Tesla) were the real-time scanner picking up control samples in a directory that I placed on the C drive. As there are so many fans of ESET on other forums, I thought it would be a good idea to show that ESET was running and detecting. ESET didn't detect any part of Winlocky.
 

enaph

The ESET detections (aside from the desktop Tesla) were the real-time scanner picking up control samples in a directory that I placed on the C drive. As there are so many fans of ESET on other forums, I thought it would be a good idea to show that ESET was running and detecting. ESET didn't detect any part of Winlocky.
Now I have watched the video in full screen so I could read the ESET popups, and now I see that none of the detections are related to Winlocky :oops::rolleyes:
Most people leave security suites at their default settings, which is a huge fault since ESET can be easily customized for better detections through its non-signature-based features.
 
