[Heilig Defense] RansomOff - The World's Most Advanced Anti-Ransomware Solution

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
most antiransomware tools have a hard time against MBR ransomware, even appcheck free has no protection, only pro. It's a different kind of attack

besides petya, is it good against other ransomwares?
 

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
Can't install on Windows 7 Starter. Missing some dlls.
 

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
most antiransomware tools have a hard time against MBR ransomware, even appcheck free has no protection, only pro. It's a different kind of attack

besides petya, is it good against other ransomwares?

Don't know yet, i'm currently restoring my machine :p
But, are you interested in any particular one? Can you suggest one please? I can now download from the hub :)
 
  • Like
Reactions: frogboy

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Don't know yet, i'm currently restoring my machine :p
But, are you interested in any particular one? Can you suggest one please? I can now download from the hub :)
hmm the hub most contains cerber
I would like to test it against as many ransomwares as possible regardless of specific types :D
I prefer testing havoc ransomware. many antiransomware tools failed against this type. It's one the most annoying types
if you can't find one, I can give you via pm, no problem :D

EDIT: found havoc.exe
https://malwaretips.com/threads/16-1-2017-9.67594/#post-588534
 
Last edited:

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
hmm the hub most contains cerber
I would like to test it against as many ransomwares as possible regardless of specific types :D
I prefer testing havoc ransomware. many antiransomware tools failed against this type. It's one the most annoying type
if you can't find one, I can give you via pm, no problem :D

EDIT: found havoc.exe
https://malwaretips.com/threads/16-1-2017-9.67594/#post-588534

I'll try havoc, i tried before your posting some of what i downloaded from the vault.
After another restore, havoc coming up :)

So,
  • RansomOff has a setting called aggresive detection level, that was ON (ticked)
  • It does not recover your files (or if it does, it didn't work on my machine)
  • i got no alerts from ransomoff while running the samples, so i kinda don't know if i it worked at all

What i did:
  1. Matrix ransomware: many of my files got encrypted, but not all (i suppose something worked)
  2. Manually restored my files from another network location
  3. Locky (osiris variant): many of my files got encrypted, but not all (i suppose something worked)
  4. Manually restored my files from another network location
  5. Start Trek ransomware: many of my files got encrypted, but not all (i suppose something worked)
  6. Manually restored my files from another network location
  7. Virlock: all of my files got encrypted, this was the biggest failure

And... i have to restore, i got no more files left after running virlock :)
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I'll try havoc, i tried before your posting some of what i downloaded from the vault.
After another restore, havoc coming up :)

So,
  • RansomOff has a setting called aggresive detection level, that was ON (ticked)
  • It does not recover your files (or if it does, it didn't work on my machine)
  • i got no alerts from ransomoff while running the samples, so i kinda don't know if i it worked at all

What i did:
  1. Matrix ransomware: many of my files got encrypted, but not all (i suppose something worked)
  2. Manually restored my files from another network location
  3. Locky (osiris variant): many of my files got encrypted, but not all (i suppose something worked)
  4. Manually restored my files from another network location
  5. Start Trek ransomware: many of my files got encrypted, but not all (i suppose something worked)
  6. Manually restored my files from another network location
  7. Virlock: all of my files got encrypted, this was the biggest failure

And... i have to restore, i got no more files left after running virlock :)
thank you for the quick test
I think there should be a popup when something is detected according to their video demo.
hmm, @Davidov's test, it showed some positive signs but in your test, it's a total failure
we need 1 or 2 more tests by other people then. I don't think it's better than appcheck

I will involve in this. Probably a few hours later
 
  • Like
Reactions: Amelith Nargothrond

Captain Awesome

Level 23
Verified
Top Poster
Well-known
May 7, 2016
1,285
thank you for the quick test
I think there should be a popup when something is detected according to their video demo.
hmm, @Davidov's test, it showed some positive signs but in your test, it's a total failure
we need 1 or 2 more tests by other people then. I don't think it's better than appcheck

I will involve in this. Probably a few hours later
Appcheck is better.
 

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
thank you for the quick test
I think there should be a popup when something is detected according to their video demo.
hmm, @Davidov's test, it showed some positive signs but in your test, it's a total failure
we need 1 or 2 more tests by other people then. I don't think it's better than appcheck

I will involve in this. Probably a few hours later

Np, anytime.
I restarted the machine first before the restore, now i did got a big warning message with "ransomware activity detected" with two options (Allow/Deny). And i don't know if i did the recovery, or the app, but i had some of my files back (a very few).
This was a very quick test, a more thorough is mandatory to conclude something :)
I'm looking forward for yours! :)
 
  • Like
Reactions: Evjl's Rain

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
how do you get appcheck free, and what are limitations of free version?

From here: CheckMAL
The free version will not remove the ransomware, will not protect the mbr or files in shared folders (is it only protecting shared folders from a remote encryption and not the entire drive, i don't know - in case of administrative shares), automatic backups are not working.
 
  • Like
Reactions: shmu26

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I just got a sample of havoc (thank you @Evjl's Rain ) and this time RansomOFF stopped this one. As far as i can see, i lost only one file.
havoc does not encrypt the file in documents but somewhere else such as desktop and other folder :\ and it locks up the machine so we can't do anything except rebooting. Did the app block havoc or leave it running?
 

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
havoc does not encrypt the file in documents but somewhere else such as desktop and other folder :\ and it locks up the machine so we can't do anything except rebooting. Did the app block havoc or leave it running?

On the desktop is the one file i lost. My PC is not locked. Just checked, there is no suspicious process running.
Also, there is no visible action against the executable file, it's not quarantined, deleted or something.

Update:
Report from RansomOFF: User Action: The user selected to block and terminate this process.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top