[Heilig Defense] RansomOff - The World's Most Advanced Anti-Ransomware Solution

Evjl's Rain

Most anti-ransomware tools have a hard time against MBR ransomware; even AppCheck Free has no protection, only Pro. It's a different kind of attack.

Besides Petya, is it good against other ransomware?
 

WinXPert

Can't install on Windows 7 Starter. Missing some DLLs.
 

Amelith Nargothrond

Don't know yet, I'm currently restoring my machine :p
But are you interested in any particular one? Can you suggest one, please? I can now download from the hub :)
 

Evjl's Rain

Hmm, the hub mostly contains Cerber.
I would like to test it against as many ransomware families as possible, regardless of specific types :D
I prefer testing Havoc ransomware; many anti-ransomware tools failed against this type. It's one of the most annoying types.
If you can't find one, I can give you one via PM, no problem :D

EDIT: found havoc.exe
https://malwaretips.com/threads/16-1-2017-9.67594/#post-588534
 

Amelith Nargothrond

I'll try Havoc; before your post I tried some of what I downloaded from the vault.
After another restore, Havoc is coming up :)

So,
  • RansomOff has a setting called "aggressive detection level", which was ON (ticked)
  • It does not recover your files (or if it does, it didn't work on my machine)
  • I got no alerts from RansomOff while running the samples, so I kind of don't know if it worked at all

What I did:
  1. Matrix ransomware: many of my files got encrypted, but not all (I suppose something worked)
  2. Manually restored my files from another network location
  3. Locky (Osiris variant): many of my files got encrypted, but not all (I suppose something worked)
  4. Manually restored my files from another network location
  5. Star Trek ransomware: many of my files got encrypted, but not all (I suppose something worked)
  6. Manually restored my files from another network location
  7. Virlock: all of my files got encrypted; this was the biggest failure

And... I have to restore, I've got no more files left after running Virlock :)
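The runs above judge success by eyeballing which files survived. As an added example (not from the thread, the tester or RansomOff), this Python script baselines a test folder by hash before a run and afterwards counts intact, modified, missing and new files, flagging modified ones whose byte entropy looks like ciphertext rather than a document edit; the folder contents, the 7.0 bits/byte threshold and the simulated damage in demo() are constructed assumptions.

```python
import hashlib, math, os, tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # bits/byte; assumed cut-off, real ciphertext sits near 8.0

def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                digests[os.path.relpath(full, root)] = hashlib.sha256(f.read()).hexdigest()
    return digests

def entropy(data):
    """Shannon entropy in bits per byte of the given bytes (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def compare(root, before):
    """Classify each baseline file after the sample ran; count encrypted-looking ones."""
    after = snapshot(root)
    result = {"intact": 0, "modified": 0, "missing": 0, "high_entropy": 0,
              "new": len(set(after) - set(before))}
    for rel, digest in before.items():
        if rel not in after:
            result["missing"] += 1
        elif after[rel] == digest:
            result["intact"] += 1
        else:
            result["modified"] += 1
            with open(os.path.join(root, rel), "rb") as f:
                if entropy(f.read()) >= ENTROPY_THRESHOLD:
                    result["high_entropy"] += 1
    return result

def demo():
    """Constructed corpus of three text files; one gets overwritten, one deleted."""
    root = tempfile.mkdtemp()
    for i in range(3):
        with open(os.path.join(root, f"doc{i}.txt"), "w") as f:
            f.write("quarterly report " * 50)
    before = snapshot(root)
    # Constructed damage standing in for a sample run: uniform bytes give entropy 8.0
    with open(os.path.join(root, "doc0.txt"), "wb") as f:
        f.write(bytes(range(256)) * 16)
    os.remove(os.path.join(root, "doc1.txt"))
    return compare(root, before)
```

Take the baseline with snapshot() on the document folder before launching a sample in the VM, then call compare() after the run to get counts instead of an impression.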
 

Evjl's Rain

Thank you for the quick test.
I think there should be a popup when something is detected, according to their video demo.
Hmm, in @Davidov's test it showed some positive signs, but in your test it's a total failure.
We need 1 or 2 more tests by other people then. I don't think it's better than AppCheck.

I will get involved in this, probably a few hours later.
 

Captain Awesome

AppCheck is better.
 

Amelith Nargothrond

Np, anytime.
I restarted the machine first before the restore; now I did get a big warning message with "ransomware activity detected" and two options (Allow/Deny). And I don't know whether it was my recovery or the app, but I had some of my files back (very few).
This was a very quick test; a more thorough one is mandatory to conclude anything :)
I'm looking forward to yours! :)
 

Amelith Nargothrond

> How do you get AppCheck Free, and what are the limitations of the free version?

From here: CheckMAL
The free version will not remove the ransomware, will not protect the MBR or files in shared folders (whether it only protects shared folders from remote encryption and not the entire drive, I don't know, in the case of administrative shares), and automatic backups are not working.
 

Evjl's Rain

> I just got a sample of Havoc (thank you @Evjl's Rain) and this time RansomOff stopped this one. As far as I can see, I lost only one file.

Havoc does not encrypt the files in Documents but somewhere else, such as the Desktop and other folders :\ and it locks up the machine so we can't do anything except reboot. Did the app block Havoc or leave it running?
 

Amelith Nargothrond

On the desktop is the one file I lost. My PC is not locked. Just checked, there is no suspicious process running.
Also, there is no visible action against the executable file; it's not quarantined, deleted or anything.

Update:
Report from RansomOff: User Action: The user selected to block and terminate this process.
 
