[Heilig Defense] RansomOff - The World's Most Advanced Anti-Ransomware Solution

E

Evjl's Rain

Level 45
Verified
Trusted
Content Creator
Malware Hunter
most antiransomware tools have a hard time against MBR ransomware, even appcheck free has no protection, only pro. It's a different kind of attack

besides petya, is it good against other ransomwares?
 
Amelith Nargothrond

Amelith Nargothrond

Level 12
Verified
Evjl's Rain said:
most antiransomware tools have a hard time against MBR ransomware, even appcheck free has no protection, only pro. It's a different kind of attack

besides petya, is it good against other ransomwares?
Click to expand...
Don't know yet, i'm currently restoring my machine :p
But, are you interested in any particular one? Can you suggest one please? I can now download from the hub :)
 
E

Evjl's Rain

Level 45
Verified
Trusted
Content Creator
Malware Hunter
Amelith Nargothrond said:
Don't know yet, i'm currently restoring my machine :p
But, are you interested in any particular one? Can you suggest one please? I can now download from the hub :)
Click to expand...
hmm the hub most contains cerber
I would like to test it against as many ransomwares as possible regardless of specific types :D
I prefer testing havoc ransomware. many antiransomware tools failed against this type. It's one the most annoying types
if you can't find one, I can give you via pm, no problem :D

EDIT: found havoc.exe
https://malwaretips.com/threads/16-1-2017-9.67594/#post-588534
 
Last edited:
Amelith Nargothrond

Amelith Nargothrond

Level 12
Verified
Evjl's Rain said:
hmm the hub most contains cerber
I would like to test it against as many ransomwares as possible regardless of specific types :D
I prefer testing havoc ransomware. many antiransomware tools failed against this type. It's one the most annoying type
if you can't find one, I can give you via pm, no problem :D

EDIT: found havoc.exe
https://malwaretips.com/threads/16-1-2017-9.67594/#post-588534
Click to expand...
I'll try havoc, i tried before your posting some of what i downloaded from the vault.
After another restore, havoc coming up :)

So,
  • RansomOff has a setting called aggresive detection level, that was ON (ticked)
  • It does not recover your files (or if it does, it didn't work on my machine)
  • i got no alerts from ransomoff while running the samples, so i kinda don't know if i it worked at all

What i did:
  1. Matrix ransomware: many of my files got encrypted, but not all (i suppose something worked)
  2. Manually restored my files from another network location
  3. Locky (osiris variant): many of my files got encrypted, but not all (i suppose something worked)
  4. Manually restored my files from another network location
  5. Start Trek ransomware: many of my files got encrypted, but not all (i suppose something worked)
  6. Manually restored my files from another network location
  7. Virlock: all of my files got encrypted, this was the biggest failure

And... i have to restore, i got no more files left after running virlock :)
 
E

Evjl's Rain

Level 45
Verified
Trusted
Content Creator
Malware Hunter
Amelith Nargothrond said:
I'll try havoc, i tried before your posting some of what i downloaded from the vault.
After another restore, havoc coming up :)

So,
  • RansomOff has a setting called aggresive detection level, that was ON (ticked)
  • It does not recover your files (or if it does, it didn't work on my machine)
  • i got no alerts from ransomoff while running the samples, so i kinda don't know if i it worked at all

What i did:
  1. Matrix ransomware: many of my files got encrypted, but not all (i suppose something worked)
  2. Manually restored my files from another network location
  3. Locky (osiris variant): many of my files got encrypted, but not all (i suppose something worked)
  4. Manually restored my files from another network location
  5. Start Trek ransomware: many of my files got encrypted, but not all (i suppose something worked)
  6. Manually restored my files from another network location
  7. Virlock: all of my files got encrypted, this was the biggest failure

And... i have to restore, i got no more files left after running virlock :)
Click to expand...
thank you for the quick test
I think there should be a popup when something is detected according to their video demo.
hmm, @Davidov's test, it showed some positive signs but in your test, it's a total failure
we need 1 or 2 more tests by other people then. I don't think it's better than appcheck

I will involve in this. Probably a few hours later
 
Captain Awesome

Captain Awesome

Level 23
Verified
Malware Tester
Evjl's Rain said:
thank you for the quick test
I think there should be a popup when something is detected according to their video demo.
hmm, @Davidov's test, it showed some positive signs but in your test, it's a total failure
we need 1 or 2 more tests by other people then. I don't think it's better than appcheck

I will involve in this. Probably a few hours later
Click to expand...
Appcheck is better.
 
Amelith Nargothrond

Amelith Nargothrond

Level 12
Verified
Evjl's Rain said:
thank you for the quick test
I think there should be a popup when something is detected according to their video demo.
hmm, @Davidov's test, it showed some positive signs but in your test, it's a total failure
we need 1 or 2 more tests by other people then. I don't think it's better than appcheck

I will involve in this. Probably a few hours later
Click to expand...
Np, anytime.
I restarted the machine first before the restore, now i did got a big warning message with "ransomware activity detected" with two options (Allow/Deny). And i don't know if i did the recovery, or the app, but i had some of my files back (a very few).
This was a very quick test, a more thorough is mandatory to conclude something :)
I'm looking forward for yours! :)
 
Amelith Nargothrond

Amelith Nargothrond

Level 12
Verified
shmu26 said:
how do you get appcheck free, and what are limitations of free version?
Click to expand...
From here: CheckMAL
The free version will not remove the ransomware, will not protect the mbr or files in shared folders (is it only protecting shared folders from a remote encryption and not the entire drive, i don't know - in case of administrative shares), automatic backups are not working.
 
E

Evjl's Rain

Level 45
Verified
Trusted
Content Creator
Malware Hunter
Amelith Nargothrond said:
I just got a sample of havoc (thank you @Evjl's Rain ) and this time RansomOFF stopped this one. As far as i can see, i lost only one file.
Click to expand...
havoc does not encrypt the file in documents but somewhere else such as desktop and other folder :\ and it locks up the machine so we can't do anything except rebooting. Did the app block havoc or leave it running?
 
Amelith Nargothrond

Amelith Nargothrond

Level 12
Verified
Evjl's Rain said:
havoc does not encrypt the file in documents but somewhere else such as desktop and other folder :\ and it locks up the machine so we can't do anything except rebooting. Did the app block havoc or leave it running?
Click to expand...
On the desktop is the one file i lost. My PC is not locked. Just checked, there is no suspicious process running.
Also, there is no visible action against the executable file, it's not quarantined, deleted or something.

Update:
Report from RansomOFF: User Action: The user selected to block and terminate this process.
 
You must log in or register to reply here.

Similar threads

Correlate
Q&A Bypassing Symantec Endpoint Protection for Fun & Profit (Defense Evasion)
    • Like
    • Applause
Correlate
Correlate
M
Update PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware
    • Like
DDE_Server
DDE_Server
Top