New antiransomware product: RansomFree

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
back to the original topic: ransomfree is a free program, it is obviously in early stages, that's why it doesn't have a developed GUI.
the files and folders it drops around the system are an integral part of its protection mechanism. If any of those files gets modified, that triggers it.
I didn't see any of them on my desktop, but I did see a couple folders on C:\
 
W

Wave

If any of those files gets modified, that triggers it.
It most likely monitors what software performs the modifications to the files it leaves dropped around the system (therefore the dropped files act as bait); when a modification occurs it most likely performs check-ups to see what the modification was like (e.g. identify encryption) and then depending on the results, block the program which performed the modification.

The above is just a concept idea on how it could be working, but without proper manual testing it's hard to know and impossible to be sure. :)
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
I did notice one thing. I managed to open one of the word files. I didn't recognize anything, and I didn't edit the file. I run Word in 360 sandbox (didn't try out of the box), so I don't know if it might happen that someone edits a file and inadvertently triggers the app. I mean, I don't know what would happen either way. I wonder what might happen in that case.
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
So no one put some picture, here are some of them (installation, RAM usage, test on Locky and Cerber):

Clipboard01.jpg Clipboard02.jpg Clipboard03.jpg Clipboard04.jpg Clipboard05.jpg Clipboard06.jpg Clipboard07.jpg Clipboard08.jpg Clipboard09.jpg Clipboard10.jpg Clipboard11.jpg Clipboard12.jpg
 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
I've had several large folders scattered around C:\ with an assortment of .doc .jpg etc. The folders though are now in excess of a GIG though. The blurb on the FAQ on the site indicated around 100 meg should be used, so I assume work needs to be done?
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Petya (Red) win....

Was the damage to files complete/partial?

Wondering a little bit more about how this works. Does it allow batch writes to the test files to detect to see if they are in a language other than a normal one or if maybe the test file names after a write have a telltale signature other than a normal one?

It might be interesting to do a batch file change of files in a protected folder to see if it's possible to get a false positive from it LOL.
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
It does not have updates/definitions.
I think it's track/watch files for modifications and then it stops when it happens.

Here are folder (picture) with couple of files encrypted but then program detected and blocked that action.

Clipboard02.jpg

It also flag that Ransomware file when you click Stop'n'Clean

Clipboard03.jpg
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
It does not have updates/definitions.
I think it's track/watch files for modifications and then it stops when it happens.

Here are folder (picture) with couple of files encrypted but then program detected and blocked that action.

View attachment 127537

It also flag that Ransomware file when you click Stop'n'Clean

View attachment 127538
So it's bulletproof against ALL types of ransomware since no definitions update is required.

Thanks
 
W

Wave

It's working on AI? Won't it be interesting to know why no updates is required?
It's based on dynamic analysis, but that doesn't mean it will detect all ransomware. It's already failed in some tests by @Av Gurus since it failed to protect against Petya, which is a more sophisticated ransomware threat (than your average) which works by targeting the Master Boot Record.

It seems this product works by placing files around as bait to catch out programs attempting to encrypt the data within these bait test files.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top