App Review Kaspersky AntiRansomware for Business beta- Part 1

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Don't want to spoil the surprise for the second video, but when morphed variants are not recognized, there is a more than fair chance the behavioral blocker will disappoint you.

Compared to other AV's the detection level of Kapersky AR-tool is good (and very light), that is why I have added it to my wife's Windows 7 laptop which is protected by SRP (basic user) and UAC (deny elevation of unsigned) only.
 
Last edited:

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
"PDM.Trojan.Win32.Bazon.a" is a cloud behavioral detection. You'll see that the detection name won't appear in an offline test- only PDM.Trojan.Win32.Generic and similar Generic detection names (local behavioral detection rules).
Thanks for the information!
 

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
I think it is well past the point that ransomware should be divided into some sort of categories, depending on who codes it and how it is used. Most broadly:

1). Stuff done by Script Kiddies- these are usually reverse-engineered from existing ransomware and can be distinguished pretty ransom overlays as well as a decryptor being almost immediately available. There will be limited distribution.
2). Stuff from Blackhats who sell packages on the DarkWeb to wanna-be criminals. Once again, limited distribution, fast decryption, and may or may not have and actual Command Server.
3). The most interesting- beta builds of novel ransomware released in order to see if the mechanism of attack is successful. They may or may not ever go into production.
4). The real thing- coded and controlled by those who know what they are doing, both the malware itself as well as any command server will change a number of times daily. Worse, the distribution channel can be massive including (but not restricted to) Mail bombers and maladvertising. There will be no decryption for these, and if one is actually made a new ransomware version will be coded to patch the flaw. Cerber3 and newer Locky comes to mind here.

Don't get me wrong- one can be infected by 1-3, but the probability will be a great deal lower and the effects potentially less devastating than an infection with category 4 ransomware.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top