shmu26

Back to the original topic: RansomFree is a free program, it is obviously in early stages, that's why it doesn't have a developed GUI.
The files and folders it drops around the system are an integral part of its protection mechanism. If any of those files gets modified, that triggers it.
I didn't see any of them on my desktop, but I did see a couple of folders on C:\
 
Wave

If any of those files gets modified, that triggers it.
It most likely monitors what software performs the modifications to the files it leaves dropped around the system (therefore the dropped files act as bait); when a modification occurs it most likely performs check-ups to see what the modification was like (e.g. identify encryption) and then, depending on the results, blocks the program which performed the modification.

The above is just a concept idea on how it could be working, but without proper manual testing it's hard to know and impossible to be sure. :)
 

AtlBo

I did notice one thing. I managed to open one of the word files. I didn't recognize anything, and I didn't edit the file. I run Word in 360 sandbox (didn't try out of the box), so I don't know if it might happen that someone edits a file and inadvertently triggers the app. I mean, I don't know what would happen either way. I wonder what might happen in that case.
 

AtlBo

Petya (Red) win....
Was the damage to files complete/partial?

Wondering a little bit more about how this works. Does it allow batch writes to the test files to detect whether they are in a language other than a normal one, or whether the test file names after a write have a telltale signature other than a normal one?

It might be interesting to do a batch file change of files in a protected folder to see if it's possible to get a false positive from it LOL.
 

Av Gurus

It does not have updates/definitions.
I think it tracks/watches files for modifications and then it stops when it happens.

Here is a folder (picture) with a couple of files encrypted, but then the program detected and blocked that action.

It also flags that ransomware file when you click Stop'n'Clean.

 

HarborFront

It does not have updates/definitions.
I think it tracks/watches files for modifications and then it stops when it happens.

Here is a folder (picture) with a couple of files encrypted, but then the program detected and blocked that action.

It also flags that ransomware file when you click Stop'n'Clean.

So it's bulletproof against ALL types of ransomware since no definitions update is required.

Thanks
 
Wave

It's working on AI? Won't it be interesting to know why no updates are required?
It's based on dynamic analysis, but that doesn't mean it will detect all ransomware. It's already failed in some tests by @Av Gurus since it failed to protect against Petya, which is a more sophisticated ransomware threat (than your average) which works by targeting the Master Boot Record.

It seems this product works by placing files around as bait to catch out programs attempting to encrypt the data within these bait test files.
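
The bait-file idea discussed in this thread, as an added example that is not part of any post and is not RansomFree's own code: it plants bait files, records a SHA-256 baseline, and on each check separates an ordinary edit from an encryption-like rewrite using byte entropy. The function names, the bait content and the 7.5 bits/byte threshold are assumptions; working out which process made the change and blocking it is not covered.

```python
import hashlib
import math
import os
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits/byte; ciphertext sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: low for plain text, near 8 for encrypted data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def plant_bait(directory: str, names: list) -> dict:
    """Write bait files and return a baseline mapping path -> SHA-256."""
    baseline = {}
    for name in names:
        path = os.path.join(directory, name)
        content = (f"Quarterly notes for {name}\n" * 200).encode()  # constructed filler
        with open(path, "wb") as fh:
            fh.write(content)
        baseline[path] = hashlib.sha256(content).hexdigest()
    return baseline


def check_bait(baseline: dict) -> dict:
    """Classify each bait file as intact, missing, modified or encrypted-like."""
    report = {}
    for path, digest in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"  # deleted, or renamed to a new extension
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() == digest:
            report[path] = "intact"
        elif shannon_entropy(data) >= ENTROPY_THRESHOLD:
            report[path] = "encrypted-like"  # high-confidence trigger
        else:
            report[path] = "modified"  # e.g. a user edit; weaker signal on its own
    return report
```

A monitor built on this would treat several "encrypted-like" or "missing" results in a short window as the trigger, which is also what keeps a single accidental user edit of a bait file from raising the same alarm.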
 