[Heilig Defense] RansomOff - The World's Most Advanced Anti-Ransomware Solution

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
Thanks everyone for the patience. We found an issue with the 32-bit MSI installer and it took a little longer than expected to fix it. But we just updated the website (Heilig Defense Correlate RansomOff) with the new version. We also added a few new features based on some of the initial feedback to include an attempt to clean up any artifacts dropped by the ransomware as well as doing a better job of terminating the full process tree.

For those of you testing on a Win7 system, please make sure you have KB3033929 installed. That's what allows for drivers signed with SHA-256 to load. Thanks again and looking forward to hearing any feedback.
 

Captain Awesome

Level 23
Verified
Top Poster
Well-known
May 7, 2016
1,285
Thanks everyone for the patience. We found an issue with the 32-bit MSI installer and it took a little longer than expected to fix it. But we just updated the website (Heilig Defense Correlate RansomOff) with the new version. We also added a few new features based on some of the initial feedback to include an attempt to clean up any artifacts dropped by the ransomware as well as doing a better job of terminating the full process tree.

For those of you testing on a Windows 7 system, please make sure you have KB3033929 installed. That's what allows for drivers signed with SHA-256 to load. Thanks again and looking forward to hearing any feedback.
Looking forward to testing it. One question about MBR ransomware protection of RansomOff. Is RansomOff protected by this type of ransomware?
 

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
Looking forward to testing it. One question about MBR ransomware protection of RansomOff. Is RansomOff protected by this type of ransomware?

RansomOff does not protect against MBR ransomware. Maybe a future release will have that added but MBR ransomware is relatively rare compared to regular ransomware and we want to get that right first before working on a different problem set.
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
RansomOff does not protect against MBR ransomware. Maybe a future release will have that added but MBR ransomware is relatively rare compared to regular ransomware and we want to get that right first before working on a different problem set.
Baby steps, makes very good sense ;)
 

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
RanSimResults.png


For anyone interested.
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Do you recommend this anti-ransomware protection?
not now but after 1 or 2 versions
I noticed a few problems with it:
- after the BSOD and reboot, it created so many empty files with various extensions (.doc, ppt, xls, txt,...) visible (not hidden) almost everywhere in the machine and could not be opened or deleted. It broke the functionality of many other applications, extremely annoying. I thought I got hit by ransomwares. After the second reboot, they were gone and things were normal again
- It conflicted with office 2007 portable and the ransomwares after the reboot => BSOD again (perhaps another reboot could have solved the problem but I didn't want to)
- The startup speed was very slow although it didn't impact the boot time. It just started itself slowly and consumed a little CPU and disk activity => vulnerable during this period

you can try it now but consider what I wrote here :p
 

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
not now but after 1 or 2 versions
I noticed a few problems with it:
- after the BSOD and reboot, it created so many empty files with various extensions (.doc, ppt, xls, txt,...) visible (not hidden) almost everywhere in the machine and could not be opened or deleted. It broke the functionality of many other applications, extremely annoying. I thought I got hit by ransomwares. After the second reboot, they were gone and things were normal again
- It conflicted with office 2007 portable and the ransomwares after the reboot => BSOD again (perhaps another reboot could have solved the problem but I didn't want to)
- The startup speed was very slow although it didn't impact the boot time. It just started itself slowly and consumed a little CPU and disk activity => vulnerable during this period

you can try it now but consider what I wrote here :p

Isn't it killing some system processes that got injected by the ransomware? I would prefer that rather to lose my files.
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Isn't it killing some system processes that got injected by the ransomware? I would prefer that rather to lose my files.
it did kill some processes but not all of them. Some were still running and some duplicated themselves in different folder and set autorun entries to start on boot

I saw 1 sample blocked by RansomOff but it was running on boot and infected the VM. It had to get rid of it before restarting the video. I forgot to write it down on the text. People don't like to read too much
 

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
it did kill some processes but not all of them. Some were still running and some duplicated themselves in different folder and set autorun entries to start on boot

I saw 1 sample blocked by RansomOff but it was running on boot and infected the VM. It had to get rid of it before restarting the video. I forgot to write it down on the text. People don't like to read too much

Strange, my results were pretty bad, yours are pretty good. I didn't have any BSOD (except from Petya), but you had many.
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Strange, my results were pretty bad, yours are pretty good. I didn't have any BSOD (except from Petya), but you had many.
I think they improved something in this version so it is better
I'm using windows 7 x86 so the result may be different from yours. Petya causes BSOD itself so it's not BSOD :D
I used Office 2017 portable and you don't use so it was my fault
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Better than most free ones, right? Appcheck and Ranstop both have MBR protection and also recover files.
yes better than most free ARs. RansomOff missed nothing in my test while it was running but failed when it was not up
I may have to test more samples like what I did before so the result would be more reliable

appcheck and ranstop missed a few or blocked but some files were deleted
 

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
yes better than most free ARs. RansomOff missed nothing in my test while it was running but failed when it was not up
I may have to test more samples like what I did before so the result would be more reliable

appcheck and ranstop missed a few or blocked but some files were deleted

Really? I saw your reviews, I must have missed what they missed, didn't see any missed ransomware. Thanks @Evjl's Rain !
 