App Review More Fun with Ransomware Part 5

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
No, they will all have some sort of payload, the most difficult for traditional security products to stop being a scriptor. But currently the biggies being delivered via exploits are first the reincarnation of the Tofsee exploit (still using a rented server in Guiyang, China but controlled (unless I'm wrong, which I'm not) from India); second is the successor to Tesla, CryptXXX.
 
@cruelsister Good test!

Attack vectors are everywhere! :eek:

Can you test AppGuard against ransomware? I know the ransomware can't launch in the user-space, but let's say you turn AppGuard off, then open the malware, and then let AppGuard turn on after a restart. I'm not sure, though, if that will be a proper test.
 
AppGuard will be featured in the RAT series, both in Lockdown and default mode. Will be seen in either Part 3 or 4 depending on my mood (I will throw in a ransomware sample as a malware control in addition to the RAT).
 
I'm sure I reflect the opinion of others regularly reading these posts & visitors:
Thank God for cruelsister.
Her answers & comments are always to the point, carry conviction and appear to be some of the best available in a public forum.
Having said that, I struggle to keep up; it remains difficult (for the uninitiated like myself) to know how to approach security using simple programs that work.
For reasons unclear to me I cannot even complete a system image no matter which program I use; that's about as basic as problems come.
 
