Ransomware Test Program

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Reading an article in the news feed, noticed this link:

How to find out if your PC is vulnerable to ransomware

Installed this ransomeware test program KnowBe4 Ransim linked on the page, and passed with Comodo HIPS/auto-sandbox, both kicking in and NVT ERP off and then with Comodo HIPS/auto-sandbox off with NVT ERP on. Ran the test last with Comodo HIPS/auto-sandbox both off and with NVT ERP off. AppCheck blocked 5 or the 10 tests before there was a blue screen. Not sure why the bluescreen. Maybe something to do with the test program testing MBR protection? IDK.

Qihoo 360 grabbed the startup file for the program at the end of installation, after the installer wanted to change a system key (I shouldn't have but I allowed this because I was recording with Comodo Programs Manager). I had to restore the startup file to run the program.

I don't know about this, even though I downloaded it from Major Geeks, which has been safe for me. Also, the linking page seems reputable in betanews. I managed to monitor the installation of the test program with Comodo Programs Manager, so I was able to remove it that way. There were over 400 registry keys.

The program analyzes drives to find pics/documents, so maybe that is why there are so many keys. Also tried to install this on a W10 32 bit computer with Emsisoft IS, but the installation fails, even as admin.

Posting this to see if anyone has ever run across it or might have an opinion. I can't recommend the test software myself since I know nothing about it or KnowBe4 software, who wrote the test and because of the 360 alerts. For sure it could be safely run in a VM with a duplication of someone's setup, if you REALLY want to know how you would do against ransomeware.

Screen captures of the results. Tried to get one from AppCheck, but I was a little bit too slow and then the bluescreen:

Test 1 Comodo Firewall HIPS and AS On.png
Test 2 NoVirusThanks ERP.png
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,134
Hello, blue screen issue while running RanSim was found in 2.0.0.17, and it's resolved since.
AppCheck 2.0.0.20 is currently newest available version. Do you mind try again with the newest version?
Here's the link.
https://www.checkmal.com/download/AppCheckSetup.exe
Hi

Has v2.0.0.20 solved the high resolution screen display issue? Also, does the MBR feature protects drive with GPT (for UEFI bootup) instead of MBR for BIOS bootup?

Still can't find changelog at your website

Thanks
 
Last edited:

Ikko

From AppCheck
Verified
Developer
Jan 1, 2017
13
Hi

Has v2.0.0.20 solved the high resolution screen display issue? Also, does the MBR feature protects drive with GPT (for UEFI bootup) instead of MBR for BIOS bootup?

Still can't find changelog at your website

Thanks

HarborFront,
High resolution support is not yet resolved, but I can assure you it's in our plan.
IMHO, I haven't seen GPT altering ransomware yet, can you kindly provide a sample if you have one?
And changelog is following URL, but it's all written in Korean. We will write in English as we renew our website for international.

www.checkmal.com/page/support/notice/?detail=read&idx=11

Thank you.
 

Like a Western!

Level 9
Verified
Well-known
Apr 6, 2016
440
Dr.Web got
10/10 VULNERABLE !!!!

i don't like this program :mad: DrWeb was great against ransomwares for me :| now here got 0 ?!

LOL
 
  • Like
Reactions: AtlBo

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,134
HarborFront,
High resolution support is not yet resolved, but I can assure you it's in our plan.
IMHO, I haven't seen GPT altering ransomware yet, can you kindly provide a sample if you have one?
And changelog is following URL, but it's all written in Korean. We will write in English as we renew our website for international.

www.checkmal.com/page/support/notice/?detail=read&idx=11

Thank you.
Hi, thanks for the reply

Nope so far not heard of a ransomware attacking the GPT....not yet. However, GPT is newer and is appearing in many PC/laptops now.
 
  • Like
Reactions: AtlBo

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top