- Jun 9, 2013
- 6,720
@Wave sounds very interesting. Waiting with baited breath. 
New antiransomware product: RansomFree
- Thread starter shmu26
- Start date
- Jul 3, 2015
- 8,153
back to the original topic: ransomfree is a free program, it is obviously in early stages, that's why it doesn't have a developed GUI.
the files and folders it drops around the system are an integral part of its protection mechanism. If any of those files gets modified, that triggers it.
I didn't see any of them on my desktop, but I did see a couple folders on C:\
the files and folders it drops around the system are an integral part of its protection mechanism. If any of those files gets modified, that triggers it.
I didn't see any of them on my desktop, but I did see a couple folders on C:\
It most likely monitors what software performs the modifications to the files it leaves dropped around the system (therefore the dropped files act as bait); when a modification occurs it most likely performs check-ups to see what the modification was like (e.g. identify encryption) and then depending on the results, block the program which performed the modification.
The above is just a concept idea on how it could be working, but without proper manual testing it's hard to know and impossible to be sure.
- Dec 29, 2014
- 1,716
I did notice one thing. I managed to open one of the word files. I didn't recognize anything, and I didn't edit the file. I run Word in 360 sandbox (didn't try out of the box), so I don't know if it might happen that someone edits a file and inadvertently triggers the app. I mean, I don't know what would happen either way. I wonder what might happen in that case.
- Sep 22, 2014
- 1,767
So no one put some picture, here are some of them (installation, RAM usage, test on Locky and Cerber):
I may have to take a look at this in a video at some point
It looks very interesting...
- Jan 22, 2014
- 577
RansomFree, w8 for @cruelsister review.
- Sep 22, 2014
- 1,767
On my Win10 test system, puts an interesting folder on my Desktop: ! Don't deleteme! I'm helping Cyberreason hunt for ransomware! See screenshot in my post #30.
Interesting (and unsigned) stuff in its service, very system-busy yet low impact:
Interesting (and unsigned) stuff in its service, very system-busy yet low impact:
Last edited by a moderator:
And some more for your entertainment. Notice there's already a WER AppCrash. Unless they put that there on purpose.
- Aug 4, 2016
- 1,465
I've had several large folders scattered around C:\ with an assortment of .doc .jpg etc. The folders though are now in excess of a GIG though. The blurb on the FAQ on the site indicated around 100 meg should be used, so I assume work needs to be done?
- Mar 17, 2016
- 464
- Dec 29, 2014
- 1,716
Was the damage to files complete/partial?
Wondering a little bit more about how this works. Does it allow batch writes to the test files to detect to see if they are in a language other than a normal one or if maybe the test file names after a write have a telltale signature other than a normal one?
It might be interesting to do a batch file change of files in a protected folder to see if it's possible to get a false positive from it LOL.
- Sep 22, 2014
- 1,767
Didn't boot to desktop.
Reverse VM to clean state and doing others test.
Reverse VM to clean state and doing others test.
HI
Does it have any kind of update to update its definitions?
Thanks
Does it have any kind of update to update its definitions?
Thanks
- Sep 22, 2014
- 1,767
It does not have updates/definitions.
I think it's track/watch files for modifications and then it stops when it happens.
Here are folder (picture) with couple of files encrypted but then program detected and blocked that action.
It also flag that Ransomware file when you click Stop'n'Clean
I think it's track/watch files for modifications and then it stops when it happens.
Here are folder (picture) with couple of files encrypted but then program detected and blocked that action.
It also flag that Ransomware file when you click Stop'n'Clean
So it's bulletproof against ALL types of ransomware since no definitions update is required.
Thanks
- Sep 22, 2014
- 1,767
No it's not bulletproof...for now...
It's working on AI? Won't it be interesting to know why no updates is required?
It's based on dynamic analysis, but that doesn't mean it will detect all ransomware. It's already failed in some tests by @Av Gurus since it failed to protect against Petya, which is a more sophisticated ransomware threat (than your average) which works by targeting the Master Boot Record.
It seems this product works by placing files around as bait to catch out programs attempting to encrypt the data within these bait test files.
Similar threads
