App Review RansomFree by Cybereason

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
H

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,033
shmu26 said:
I would add to the above that we don't know of any antiransomware product that always works. Only the default/deny solutions can do this, and not every user is ready for such a hardcore solution, for various valid reasons.
Click to expand...
So far from what I observed I don't see any AV or AM product stating their limitations. Probably that's due to too large a malware database to specify. Only anti-ransomware products does that like what I have stated previously for BD, Kaspersky, RansomFree, HMPA and SBGuard.

So when an anti-ransom product "fails" the test we have to question are we testing within the product's limitations or outside its limitations. The former would render the product an absolute failure whereas the latter would render the test void since you are testing outside its limitations.
 
  • Like
Reactions: AtlBo
RejZoR

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
MalwareBlockerYT said:
Really? I haven't tested AVG in a long time but when I last tested it, it wasn't really very good in any aspects of the test - this was over a year ago though..
Click to expand...

I've tested the recent AVG Beta, the one with avast! scan engine and IDP called "Software Analyzer". I was only testing behavior blocker (like usual ;) ) and it detected pretty much everything with it only. Which in a way explains why AVG was scoring so well in all recent AV-C tests...
 
  • Like
Reactions: Der.Reisende, AtlBo, MalwareBlockerYT and 4 others
AtlBo

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Thanks for being thorough and giving the program every chance. Must have been some hours putting the video together, so thanks for all your work. I don't know about RansomFree though. I guess I can say at least that I'm not ready for it, even if it is good enough to install and run. Maybe there will be more from the program in the future.
 
  • Like
Reactions: Der.Reisende, Deleted member 2913, ForgottenSeer 55474 and 1 other person
RejZoR

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
Well, since this also relies on behavior analysis, it'll fall into my testing regime. I've already installed it on my host system and I already see what they are doing. It's a very primitive, but also very clever method. I'm sure ransomware writers will try to bypass it, but still. They place a honeypot on a root of the drive in a folder with randomly generated name so it can't be bypassed just like that, but it starts with characters that get listed before any folders or files with an alphabet name. When ransomware flies through the file/folder indexes and tries to encrypt files in the honeypot, RansomFree jumps on the file initiating it. It probably does other things in the background, but in a nutshell, this is it. Like I've said, primitive, but effective. Sometimes simple solutions are the best.
 
  • Like
Reactions: AtlBo, Av Gurus, Evjl's Rain and 2 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
RejZoR said:
Well, since this also relies on behavior analysis, it'll fall into my testing regime. I've already installed it on my host system and I already see what they are doing. It's a very primitive, but also very clever method. I'm sure ransomware writers will try to bypass it, but still. They place a honeypot on a root of the drive in a folder with randomly generated name so it can't be bypassed just like that, but it starts with characters that get listed before any folders or files with an alphabet name. When ransomware flies through the file/folder indexes and tries to encrypt files in the honeypot, RansomFree jumps on the file initiating it. It probably does other things in the background, but in a nutshell, this is it. Like I've said, primitive, but effective. Sometimes simple solutions are the best.
Click to expand...
right. It fails when the ransomware ignores the logical order of files, and instead goes on a search-and-destroy mission for high-value targets, such as a hospital's data base.
 
  • Like
Reactions: Deleted member 2913, AtlBo, Evjl's Rain and 1 other person
RejZoR

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
Friendly reminder, don't use copyrighted music in videos, otherwise you'll get them flagged or blocked from embedding.

Yeah, I've tested RansomFree myself and it indeed doesn't protect partitions other than C: one. If ransomware encrypts drives in reverse order it won't block it. It also fails sometimes when C: is protected, but D: isn't, despite blocking the ransomware.
 
  • Like
Reactions: Deleted member 2913, AtlBo and shmu26
Av Gurus

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
New version 2.1.1.0 is out.
UPLOAD.EE - CybereasonRansomFree.msi - Download

Clipboard01.jpg

Honeypot are now hidden and also on second drive.

Clipboard02.jpg
 
Last edited:
  • Like
Reactions: Der.Reisende, Deleted member 2913, shmu26 and 1 other person
AtlBo

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
What if changes to the types of files protected by the program were sandboxed to be examined once the process has finished running or on a file by file basis? Would this work to protect against all types of ransomware?

Even if the malware started back up the same sandboxing could be started again. Then as was mentioned, some sort of rollback could be put in place. Maybe too some support and standards from standard encryption program developers, developed in conjunction with the security companies, might be a big help with identifying ransomware too. Ready for ransomware to be over personally. :mad:

Hope it tests better the second time around.
 
  • Like
Reactions: Der.Reisende and Deleted member 2913

Similar threads

simmerskool
    • Like
AI Assist compare DeepInstinct to Cybereason
Replies
1
Views
246
AI-Powered Dedicated Forum
Bot
Bot
silversurfer
    • Like
    • +Reputation
Malware News New Python-Based Snake Info Stealer Spreading Through Facebook Messages
Replies
0
Views
1,313
Security News
silversurfer
silversurfer
ShenguiTurmi
    • Like
    • Thanks
Question Finding a Cybereason reseller
Replies
20
Views
1,880
Other security for Windows, Mac, Linux
likeastar20
L

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top