[Heilig Defense] RansomOff - The World's Most Advanced Anti-Ransomware Solution

[Evjl's Rain]

most antiransomware tools have a hard time against MBR ransomware, even appcheck free has no protection, only pro. It's a different kind of attack

besides petya, is it good against other ransomwares?

 

[WinXPert]

Can't install on Windows 7 Starter. Missing some dlls.

 

[Amelith Nargothrond]

most antiransomware tools have a hard time against MBR ransomware, even appcheck free has no protection, only pro. It's a different kind of attack

besides petya, is it good against other ransomwares?

Don't know yet, i'm currently restoring my machine
But, are you interested in any particular one? Can you suggest one please? I can now download from the hub

 

[Evjl's Rain]

Don't know yet, i'm currently restoring my machine
But, are you interested in any particular one? Can you suggest one please? I can now download from the hub

hmm the hub most contains cerber
I would like to test it against as many ransomwares as possible regardless of specific types
I prefer testing havoc ransomware. many antiransomware tools failed against this type. It's one the most annoying types
if you can't find one, I can give you via pm, no problem

EDIT: found havoc.exe
https://malwaretips.com/threads/16-1-2017-9.67594/#post-588534

 

[Captain Awesome]

Is Malwarebytes Anti-Ransomware has MBR ransomware protection?@Evjl's Rain

 

[Evjl's Rain]

Is Malwarebytes Anti-Ransomware has MBR ransomware protection?@Evjl's Rain

not it's not
you can watch my test here at 11:00

 

[Handsome Recluse]

not it's not
you can watch my test here at 11:00

What other free stuff other than MBRFilter has MBR protection?

 

[Evjl's Rain]

What other free stuff other than MBRFilter has MBR protection?

sorry I don't know any
we can google it but MBRfilter is the best recent option

other than MBRfilter are all paid apps

 

[Amelith Nargothrond]

hmm the hub most contains cerber
I would like to test it against as many ransomwares as possible regardless of specific types
I prefer testing havoc ransomware. many antiransomware tools failed against this type. It's one the most annoying type
if you can't find one, I can give you via pm, no problem

EDIT: found havoc.exe
https://malwaretips.com/threads/16-1-2017-9.67594/#post-588534

I'll try havoc, i tried before your posting some of what i downloaded from the vault.
After another restore, havoc coming up

So,

• RansomOff has a setting called aggresive detection level, that was ON (ticked)
• It does not recover your files (or if it does, it didn't work on my machine)
• i got no alerts from ransomoff while running the samples, so i kinda don't know if i it worked at all

What i did:

1. Matrix ransomware: many of my files got encrypted, but not all (i suppose something worked)
2. Manually restored my files from another network location
3. Locky (osiris variant): many of my files got encrypted, but not all (i suppose something worked)
4. Manually restored my files from another network location
   
5. Start Trek ransomware: many of my files got encrypted, but not all (i suppose something worked)
6. Manually restored my files from another network location
   
7. Virlock: all of my files got encrypted, this was the biggest failure

And... i have to restore, i got no more files left after running virlock

 

[Evjl's Rain]

I'll try havoc, i tried before your posting some of what i downloaded from the vault.
After another restore, havoc coming up

So,

• RansomOff has a setting called aggresive detection level, that was ON (ticked)
• It does not recover your files (or if it does, it didn't work on my machine)
• i got no alerts from ransomoff while running the samples, so i kinda don't know if i it worked at all

What i did:

1. Matrix ransomware: many of my files got encrypted, but not all (i suppose something worked)
2. Manually restored my files from another network location
3. Locky (osiris variant): many of my files got encrypted, but not all (i suppose something worked)
4. Manually restored my files from another network location
   
5. Start Trek ransomware: many of my files got encrypted, but not all (i suppose something worked)
6. Manually restored my files from another network location
   
7. Virlock: all of my files got encrypted, this was the biggest failure

And... i have to restore, i got no more files left after running virlock

thank you for the quick test
I think there should be a popup when something is detected according to their video demo.
hmm, @Davidov's test, it showed some positive signs but in your test, it's a total failure
we need 1 or 2 more tests by other people then. I don't think it's better than appcheck

I will involve in this. Probably a few hours later

 

[Captain Awesome]

thank you for the quick test
I think there should be a popup when something is detected according to their video demo.
hmm, @Davidov's test, it showed some positive signs but in your test, it's a total failure
we need 1 or 2 more tests by other people then. I don't think it's better than appcheck

I will involve in this. Probably a few hours later

Appcheck is better.

 

[Amelith Nargothrond]

thank you for the quick test
I think there should be a popup when something is detected according to their video demo.
hmm, @Davidov's test, it showed some positive signs but in your test, it's a total failure
we need 1 or 2 more tests by other people then. I don't think it's better than appcheck

I will involve in this. Probably a few hours later

Np, anytime.
I restarted the machine first before the restore, now i did got a big warning message with "ransomware activity detected" with two options (Allow/Deny). And i don't know if i did the recovery, or the app, but i had some of my files back (a very few).
This was a very quick test, a more thorough is mandatory to conclude something
I'm looking forward for yours!

 

[Amelith Nargothrond]

Appcheck is better.

Much better.

 

[vindiesel]

Hello, I think that it is incompatible with Zemana anti-Malware was caught start task manager and Zemana anti-Malware was 93 percent use of CPU.
Had to restore PC with backup

 

[Amelith Nargothrond]

EDIT: found havoc.exe
https://malwaretips.com/threads/16-1-2017-9.67594/#post-588534

Unfortunately cannot download this... "File has expired and does not exist anymore on this server"

 

[shmu26]

Much better.

how do you get appcheck free, and what are limitations of free version?

 

[Amelith Nargothrond]

how do you get appcheck free, and what are limitations of free version?

From here: CheckMAL
The free version will not remove the ransomware, will not protect the mbr or files in shared folders (is it only protecting shared folders from a remote encryption and not the entire drive, i don't know - in case of administrative shares), automatic backups are not working.

 

[Amelith Nargothrond]

I just got a sample of havoc (thank you @Evjl's Rain ) and this time RansomOFF stopped this one. As far as i can see, i lost only one file.

 

[Evjl's Rain]

I just got a sample of havoc (thank you @Evjl's Rain ) and this time RansomOFF stopped this one. As far as i can see, i lost only one file.

havoc does not encrypt the file in documents but somewhere else such as desktop and other folder :\ and it locks up the machine so we can't do anything except rebooting. Did the app block havoc or leave it running?

 

[Amelith Nargothrond]

havoc does not encrypt the file in documents but somewhere else such as desktop and other folder :\ and it locks up the machine so we can't do anything except rebooting. Did the app block havoc or leave it running?

On the desktop is the one file i lost. My PC is not locked. Just checked, there is no suspicious process running.
Also, there is no visible action against the executable file, it's not quarantined, deleted or something.

Update:
Report from RansomOFF: User Action: The user selected to block and terminate this process.