Evjl's Rain

Level 45
Verified
Trusted
Content Creator
Malware Hunter
Most anti-ransomware tools have a hard time against MBR ransomware; even AppCheck Free has no protection, only Pro. It's a different kind of attack.

Besides Petya, is it good against other ransomware?
 

Amelith Nargothrond

Level 12
Verified
Don't know yet, I'm currently restoring my machine :p
But are you interested in any particular one? Can you suggest one, please? I can now download from the Hub :)
 

Evjl's Rain

Level 45
Verified
Trusted
Content Creator
Malware Hunter
Hmm, the Hub mostly contains Cerber.
I would like to test it against as many ransomware samples as possible, regardless of specific types :D
I prefer testing Havoc ransomware. Many anti-ransomware tools failed against this type. It's one of the most annoying types.
If you can't find one, I can give it to you via PM, no problem :D

EDIT: found havoc.exe
https://malwaretips.com/threads/16-1-2017-9.67594/#post-588534
 

Amelith Nargothrond

Level 12
Verified
I'll try Havoc; before your posting I tried some of what I downloaded from the vault.
After another restore, Havoc is coming up :)

So,
  • RansomOff has a setting called "aggressive detection level", which was ON (ticked)
  • It does not recover your files (or if it does, it didn't work on my machine)
  • I got no alerts from RansomOff while running the samples, so I kind of don't know if it worked at all

What I did:
  1. Matrix ransomware: many of my files got encrypted, but not all (I suppose something worked)
  2. Manually restored my files from another network location
  3. Locky (Osiris variant): many of my files got encrypted, but not all (I suppose something worked)
  4. Manually restored my files from another network location
  5. Star Trek ransomware: many of my files got encrypted, but not all (I suppose something worked)
  6. Manually restored my files from another network location
  7. Virlock: all of my files got encrypted; this was the biggest failure

And... I have to restore, I have no more files left after running Virlock :)
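The test above judges the result by eye ("many of my files got encrypted, but not all"). The following added example, which is not part of the thread or of RansomOff or AppCheck, shows how to make that measurable: hash a test corpus before the sample runs, hash it again afterwards, and classify each file as intact, overwritten in place, or deleted and replaced by an encrypted copy (the rename-and-drop pattern Locky/Osiris uses). The corpus and the simulated partial encryption in `demo()` are constructed in a temporary directory; no real sample is involved.

```python
"""Baseline-and-diff check for an anti-ransomware test run.

Added example (not from the thread, RansomOff or AppCheck). Hash a test
directory before running a sample and compare afterwards, so the outcome is
a number ("40% lost") rather than an impression.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    result = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
            result[p.relative_to(root).as_posix()] = digest
    return result


def diff_snapshots(before: dict[str, str], after: dict[str, str]) -> dict[str, list[str]]:
    """Classify files as intact, modified, deleted or new.

    Ransomware either overwrites in place (modified) or writes an encrypted
    copy under a new name and removes the original (deleted + new). Both
    patterns mean the original content is gone.
    """
    intact = sorted(k for k in before if k in after and before[k] == after[k])
    modified = sorted(k for k in before if k in after and before[k] != after[k])
    deleted = sorted(k for k in before if k not in after)
    new = sorted(k for k in after if k not in before)
    return {"intact": intact, "modified": modified, "deleted": deleted, "new": new}


def summarize(report: dict[str, list[str]], total: int) -> dict:
    """Count lost originals (modified or deleted) as a share of the corpus."""
    lost = len(report["modified"]) + len(report["deleted"])
    pct = round(100.0 * lost / total, 1) if total else 0.0
    return {"total": total, "lost": lost, "lost_pct": pct, "new": len(report["new"])}


def demo() -> dict:
    """Constructed run: seed a corpus, simulate partial encryption, diff it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for i in range(10):
            (root / f"doc{i}.txt").write_text(f"document {i}\n")
        before = snapshot(root)

        # Simulated sample behaviour (constructed, not a real payload):
        # doc0-doc2 overwritten in place, doc3 replaced by a renamed encrypted
        # copy, doc4-doc9 untouched, as if protection kicked in part-way.
        for i in range(3):
            (root / f"doc{i}.txt").write_bytes(os.urandom(32))
        (root / "doc3.txt").rename(root / "doc3.txt.osiris")
        (root / "doc3.txt.osiris").write_bytes(os.urandom(32))

        after = snapshot(root)
        report = diff_snapshots(before, after)
        return summarize(report, len(before)) | {"report": report}


if __name__ == "__main__":
    result = demo()
    print(f"{result['lost']}/{result['total']} originals lost ({result['lost_pct']}%)")
    print("deleted:", result["report"]["deleted"], "new:", result["report"]["new"])
```

In a real run, take the first snapshot on the clean VM, run the sample, then take the second snapshot from a rescue boot or over the network share used for the restore, so the comparison itself is not made from a possibly compromised session. Keeping the `before` dictionary on that share also gives you the list of files to restore.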
 

Evjl's Rain

Level 45
Verified
Trusted
Content Creator
Malware Hunter
Thank you for the quick test.
I think there should be a popup when something is detected, according to their video demo.
Hmm, in @Davidov's test it showed some positive signs, but in your test it's a total failure.
We need 1 or 2 more tests by other people then. I don't think it's better than AppCheck.

I will get involved in this, probably a few hours later.
 

Captain Awesome

Level 23
Verified
Malware Tester
AppCheck is better.
 

Amelith Nargothrond

Level 12
Verified
Np, anytime.
I restarted the machine first before the restore; now I did get a big warning message saying "ransomware activity detected" with two options (Allow/Deny). And I don't know whether I did the recovery or the app did, but I had some of my files back (very few).
This was a very quick test; a more thorough one is mandatory to conclude anything :)
I'm looking forward to yours! :)
 

Amelith Nargothrond

Level 12
Verified
How do you get AppCheck Free, and what are the limitations of the free version?
From here: CheckMAL
The free version will not remove the ransomware, will not protect the MBR or files in shared folders (whether it only protects shared folders from remote encryption and not the entire drive, I don't know, in the case of administrative shares), and automatic backups are not working.
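Two posts in this thread touch the same gap: MBR ransomware like Petya is "a different kind of attack" that most anti-ransomware tools miss, and AppCheck Free explicitly does not protect the MBR. The added example below, which is not part of the thread or of either product, is the kind of independent check a practitioner can run alongside such tools: parse the 512-byte master boot record, hash the bootstrap code, decode the partition table, and compare against a baseline taken when the machine was known good. The sector bytes, the disk signature `0xDEADBEEF` and the tampered boot code are all constructed for the demo; on a real Windows host the sector is read from `\\.\PhysicalDrive0` (administrator required) and on Linux from the whole-disk device such as `/dev/sda`.

```python
"""MBR baseline-and-compare check.

Added example (not from the thread, AppCheck or RansomOff). Petya-style
ransomware overwrites the boot sector instead of user files, so a tool that
watches document folders sees nothing. Hashing the 440-byte bootstrap code
and decoding the partition table gives a cheap, independent tamper check.
All sector contents below are constructed; no real disk is read.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"          # bytes 510-511 of every valid MBR
PART_ENTRY = "<B3sB3sII"              # status, CHS start, type, CHS end, LBA start, sector count
DEMO_DISK_SIGNATURE = 0xDEADBEEF      # constructed value for the demo only


def parse_mbr(sector: bytes) -> dict:
    """Decode an MBR into a hash of its boot code plus its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    boot_code = sector[:440]
    disk_signature = struct.unpack_from("<I", sector, 440)[0]
    partitions = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba_start, count = struct.unpack_from(
            PART_ENTRY, sector, 446 + 16 * i
        )
        if ptype != 0:  # type 0 means the slot is empty
            partitions.append({
                "index": i,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": count,
            })
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "disk_signature": disk_signature,
        "partitions": partitions,
    }


def check_against_baseline(baseline: dict, current: dict) -> list[str]:
    """Return findings describing what changed; an empty list means no change."""
    findings = []
    if baseline["boot_code_sha256"] != current["boot_code_sha256"]:
        findings.append("boot code changed (Petya-style MBR overwrite or bootkit)")
    if baseline["disk_signature"] != current["disk_signature"]:
        findings.append("disk signature changed")
    if baseline["partitions"] != current["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sector(boot_code: bytes, partitions: list[tuple[bool, int, int, int]]) -> bytes:
    """Construct a 512-byte MBR for the demo (not a real disk image)."""
    if len(boot_code) > 440 or len(partitions) > 4:
        raise ValueError("boot code must fit in 440 bytes and at most 4 partitions")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 440, DEMO_DISK_SIGNATURE)
    for i, (bootable, ptype, lba_start, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY, sector, 446 + 16 * i,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0",
                         lba_start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def demo() -> list[str]:
    """Known-good sector vs. a constructed boot-code overwrite with the table intact."""
    table = [(True, 0x07, 2048, 204800)]            # one bootable NTFS-type partition
    good = build_sector(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 20, table)
    tampered = build_sector(b"\xeb\x00" + b"\xcc" * 100, table)  # constructed tamper
    return check_against_baseline(parse_mbr(good), parse_mbr(tampered))


if __name__ == "__main__":
    for finding in demo():
        print("ALERT:", finding)
```

Store the baseline dictionary off the machine, not on the disk it describes, and take it before running any sample. A legitimate change (OS upgrade touching the boot code, repartitioning) also trips the check, so treat a finding as a reason to compare against the expected change rather than as a verdict on its own.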
 

Evjl's Rain

Level 45
Verified
Trusted
Content Creator
Malware Hunter
I just got a sample of Havoc (thank you @Evjl's Rain) and this time RansomOff stopped this one. As far as I can see, I lost only one file.
Havoc does not encrypt the files in Documents but somewhere else, such as the Desktop and other folders :\ and it locks up the machine so we can't do anything except reboot. Did the app block Havoc or leave it running?
 

Amelith Nargothrond

Level 12
Verified
On the Desktop is the one file I lost. My PC is not locked. Just checked, there is no suspicious process running.
Also, there is no visible action against the executable file; it's not quarantined, deleted or anything.

Update:
Report from RansomOff: User Action: The user selected to block and terminate this process.
 