App Review Zepto Ransomware

[cruelsister]

I'm almost embarrassed to publish this after the very fine production of Modal's video (but I'll do it anyway).

 

[Captain Awesome]

Qihoo is great against newly arrive Ransomwares.Great demonstration as always.@cruelsister

 

[frogboy]

Still a very good review thanks @cruelsister

 

[NullByte]

Depends on the sample source, if you download from mdl or any similar site there is 90% the file will be blocked

QVM was always good, it also has a few FP (a little more).

 

[Noxx]

Everyone has their own style that their comfortable with, and that's something to admire. In the end, you're all fighting the same battle. Thank you for sharing your review.

 

[harlan4096]

I have been testing all those new *.js variants (special samples) in MalWareHub section in this forum with KTS2016MR1c which @Modal Soul has been uploading in previous weeks... and I have to say that some of those antivirus can't detect those variants on demand scanning, but They should block Them on execution... I have been even testing some of those variants *.js in KTS2016MR1c disabling File AV + HIPS (Application Control + FireWall, and in some cases without KSN/Cloud) and Kaspersky blocked all of Them...

 

[Der.Reisende]

Very nice vid, thank you for sharing

 

[Alkajak]

@cruelsister Great video going into the details of things and setting people straight as usual. It's easier to understand the real level of threat on these new campaigns when it's broken down by someone that actually knows her stuff.

 

[jamescv7]

The problem here is all about the AV analysis, obfuscation defeats the purpose which should improve more on those secondary components like HIPS, BB or even anti-Ransomware protection.

A product must work very well throughout the cycle plans.

Many AV implement BB, IDS and few others as passive and not proactive.