[Heilig Defense] RansomOff - The World's Most Advanced Anti-Ransomware Solution

Evjl's Rain

Most anti-ransomware tools have a hard time against MBR ransomware; even AppCheck Free has no protection, only Pro. It's a different kind of attack.

Besides Petya, is it good against other ransomware?
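Petya-style MBR ransomware overwrites the boot code in the disk's first sector instead of encrypting files, so a tool that only watches file writes has nothing to react to. One check a tester can run before and after detonating a sample is to snapshot the MBR and diff it. The Python below is an added example and is not code from this thread or from any product mentioned in it. It assumes the standard Windows raw-disk name `\\.\PhysicalDrive0` (administrator rights required; on Linux the equivalent would be something like `/dev/sda`), and the sample MBR bytes it builds are constructed for the demonstration, not read from a real machine.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # classic MBR: boot code occupies bytes 0..439
PARTITION_TABLE_OFF = 446    # four 16-byte partition entries start here
MBR_SIGNATURE = b"\x55\xAA"  # bytes 510..511 on a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into the fields an integrity check cares about."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0 means an empty slot
            entries.append({"bootable": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": entries,
        "signature_ok": sector[510:512] == MBR_SIGNATURE,
    }


def compare_mbr(baseline: bytes, current: bytes) -> list[str]:
    """Return human-readable findings; an empty list means the MBR is unchanged."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not c["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector overwritten or damaged")
    if b["boot_code_sha256"] != c["boot_code_sha256"]:
        findings.append("boot code changed (a Petya-style MBR overwrite looks like this)")
    if b["partitions"] != c["partitions"]:
        findings.append("partition table changed")
    return findings


def read_mbr_from_device(path: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw disk. Needs administrator rights on Windows."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def make_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test MBR: the given boot code, one bootable NTFS partition, valid signature."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    # one bootable (0x80) NTFS (0x07) partition starting at LBA 2048, 1 GiB of 512-byte sectors
    struct.pack_into("<B3xB3xII", sector, PARTITION_TABLE_OFF, 0x80, 0x07, 2048, 2097152)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    # Two constructed sectors: same partition table, different boot code.
    clean = make_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" * 20)   # placeholder boot code
    tampered = make_sample_mbr(b"\xeb\xfe" * 100)            # overwritten boot code
    print(compare_mbr(clean, clean))
    print(compare_mbr(clean, tampered))
```

In a real test the baseline comes from `read_mbr_from_device()` on the clean snapshot and is stored outside the VM; after the sample has run (and before any reboot, since a Petya-style payload does its damage on the next boot) the same call gives the `current` sector to compare.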
 

WinXPert

Can't install on Windows 7 Starter. Missing some DLLs.
 

Amelith Nargothrond

Most anti-ransomware tools have a hard time against MBR ransomware; even AppCheck Free has no protection, only Pro. It's a different kind of attack.

Besides Petya, is it good against other ransomware?

Don't know yet, I'm currently restoring my machine :p
But are you interested in any particular one? Can you suggest one, please? I can now download from the hub :)
 

Evjl's Rain

Don't know yet, I'm currently restoring my machine :p
But are you interested in any particular one? Can you suggest one, please? I can now download from the hub :)

Hmm, the hub mostly contains Cerber.
I would like to test it against as many ransomware samples as possible, regardless of specific types :D
I prefer testing Havoc ransomware. Many anti-ransomware tools failed against this type. It's one of the most annoying types.
If you can't find one, I can give it to you via PM, no problem :D

EDIT: found havoc.exe
https://malwaretips.com/threads/16-1-2017-9.67594/#post-588534
 

Amelith Nargothrond

Hmm, the hub mostly contains Cerber.
I would like to test it against as many ransomware samples as possible, regardless of specific types :D
I prefer testing Havoc ransomware. Many anti-ransomware tools failed against this type. It's one of the most annoying types.
If you can't find one, I can give it to you via PM, no problem :D

EDIT: found havoc.exe
https://malwaretips.com/threads/16-1-2017-9.67594/#post-588534

I'll try Havoc; before your post I tried some of what I downloaded from the vault.
After another restore, Havoc is coming up :)

So,
  • RansomOff has a setting called aggressive detection level, which was ON (ticked)
  • It does not recover your files (or if it does, it didn't work on my machine)
  • I got no alerts from RansomOff while running the samples, so I kind of don't know if it worked at all

What I did:
  1. Matrix ransomware: many of my files got encrypted, but not all (I suppose something worked)
  2. Manually restored my files from another network location
  3. Locky (Osiris variant): many of my files got encrypted, but not all (I suppose something worked)
  4. Manually restored my files from another network location
  5. Star Trek ransomware: many of my files got encrypted, but not all (I suppose something worked)
  6. Manually restored my files from another network location
  7. Virlock: all of my files got encrypted; this was the biggest failure

And... I have to restore, I've got no files left after running Virlock :)
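The test above judges each run by eye ("many of my files got encrypted, but not all"). A before/after hash manifest of the test corpus turns that into a count, and a byte-entropy check separates files a sample overwrote with ciphertext from files it merely renamed or touched. The Python harness below is an added example, not code from this thread or from RansomOff. Everything in it is constructed: the corpus it creates in a temporary directory, and the `simulate_encryption` helper that overwrites two files with random bytes and appends an extension, which stands in for the sample so the script runs offline. In a real test the sample itself would execute between the two `build_manifest` calls inside a disposable VM.

```python
import hashlib
import math
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks so a large corpus never has to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Snapshot the corpus: relative POSIX path -> SHA-256 of the file content."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Text and office documents sit well below 7.5; ciphertext is close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def diff_manifests(before: dict[str, str], after: dict[str, str], root: Path,
                   entropy_threshold: float = 7.5) -> dict[str, list[str]]:
    """Classify every file after the run.

    intact           : same path, same hash
    modified         : same path, different content
    missing          : path gone (deleted, or renamed with a ransom extension appended)
    new              : path that did not exist before (renamed victims, ransom notes)
    likely_encrypted : modified or new files whose first 64 KiB look like ciphertext
    """
    result = {"intact": [], "modified": [], "missing": [], "new": [], "likely_encrypted": []}
    for rel, digest in before.items():
        if rel not in after:
            result["missing"].append(rel)
        elif after[rel] == digest:
            result["intact"].append(rel)
        else:
            result["modified"].append(rel)
    result["new"] = [rel for rel in after if rel not in before]
    for rel in result["modified"] + result["new"]:
        sample = (root / rel).read_bytes()[:1 << 16]
        if shannon_entropy(sample) >= entropy_threshold:
            result["likely_encrypted"].append(rel)
    return result


def simulate_encryption(root: Path, victims: list[str], ext: str = ".locked") -> None:
    """Constructed stand-in for the sample so the harness runs offline: overwrite the
    victim files with random bytes and append an extension. Not malware, just noise."""
    for rel in victims:
        p = root / rel
        p.write_bytes(os.urandom(max(p.stat().st_size, 4096)))
        p.rename(p.with_name(p.name + ext))


def demo() -> dict[str, list[str]]:
    """Build a small constructed corpus, snapshot, 'encrypt' two files, snapshot, diff."""
    root = Path(tempfile.mkdtemp(prefix="ransom-test-"))
    for rel in ["Documents/report.txt", "Documents/notes.txt",
                "Desktop/todo.txt", "Pictures/readme.txt"]:
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(rel + "\n" + "lorem ipsum dolor sit amet " * 200)  # low-entropy plaintext
    before = build_manifest(root)
    simulate_encryption(root, ["Documents/report.txt", "Desktop/todo.txt"])
    after = build_manifest(root)
    return diff_manifests(before, after, root)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:17s} {len(files):2d}  {files}")
```

Against a real sample, write the first manifest to a file kept outside the VM (`json.dump`), detonate, snapshot again and diff. `missing` and `new` together show renamed victims; anything in `likely_encrypted` whose original was low-entropy plaintext is a file the product under test did not protect, which is the number worth reporting instead of "many, but not all".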
 

Evjl's Rain

I'll try Havoc; before your post I tried some of what I downloaded from the vault.
After another restore, Havoc is coming up :)

So,
  • RansomOff has a setting called aggressive detection level, which was ON (ticked)
  • It does not recover your files (or if it does, it didn't work on my machine)
  • I got no alerts from RansomOff while running the samples, so I kind of don't know if it worked at all

What I did:
  1. Matrix ransomware: many of my files got encrypted, but not all (I suppose something worked)
  2. Manually restored my files from another network location
  3. Locky (Osiris variant): many of my files got encrypted, but not all (I suppose something worked)
  4. Manually restored my files from another network location
  5. Star Trek ransomware: many of my files got encrypted, but not all (I suppose something worked)
  6. Manually restored my files from another network location
  7. Virlock: all of my files got encrypted; this was the biggest failure

And... I have to restore, I've got no files left after running Virlock :)

Thank you for the quick test.
I think there should be a popup when something is detected, according to their video demo.
Hmm, in @Davidov's test it showed some positive signs, but in your test it's a total failure.
We need one or two more tests by other people then. I don't think it's better than AppCheck.

I will get involved in this, probably a few hours later.
 

Captain Awesome

Thank you for the quick test.
I think there should be a popup when something is detected, according to their video demo.
Hmm, in @Davidov's test it showed some positive signs, but in your test it's a total failure.
We need one or two more tests by other people then. I don't think it's better than AppCheck.

I will get involved in this, probably a few hours later.

AppCheck is better.
 

Amelith Nargothrond

Thank you for the quick test.
I think there should be a popup when something is detected, according to their video demo.
Hmm, in @Davidov's test it showed some positive signs, but in your test it's a total failure.
We need one or two more tests by other people then. I don't think it's better than AppCheck.

I will get involved in this, probably a few hours later.

Np, anytime.
I restarted the machine first, before the restore, and now I did get a big warning message saying "ransomware activity detected" with two options (Allow/Deny). And I don't know if I did the recovery or the app did, but I had some of my files back (very few).
This was a very quick test; a more thorough one is mandatory to conclude anything :)
I'm looking forward to yours! :)
 

Amelith Nargothrond

How do you get AppCheck Free, and what are the limitations of the free version?

From here: CheckMAL
The free version will not remove the ransomware and will not protect the MBR or files in shared folders (whether it only protects shared folders from remote encryption and not the entire drive, in the case of administrative shares, I don't know), and automatic backups do not work.
 

Evjl's Rain

I just got a sample of Havoc (thank you @Evjl's Rain) and this time RansomOFF stopped this one. As far as I can see, I lost only one file.

Havoc does not encrypt the files in Documents but somewhere else, such as the Desktop and other folders :\ and it locks up the machine so we can't do anything except reboot. Did the app block Havoc or leave it running?
 

Amelith Nargothrond

Havoc does not encrypt the files in Documents but somewhere else, such as the Desktop and other folders :\ and it locks up the machine so we can't do anything except reboot. Did the app block Havoc or leave it running?

The one file I lost is on the Desktop. My PC is not locked. I just checked; there is no suspicious process running.
Also, there is no visible action against the executable file; it's not quarantined, deleted or anything.

Update:
Report from RansomOFF: User Action: The user selected to block and terminate this process.