Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Video Reviews - Security and Privacy
RansomFree by Cybereason
Message
<blockquote data-quote="RejZoR" data-source="post: 579078" data-attributes="member: 57233"><p>Well, since this also relies on behavior analysis, it'll fall into my testing regime. I've already installed it on my host system and I already see what they are doing. It's a very primitive, but also very clever method. I'm sure ransomware writers will try to bypass it, but still. They place a honeypot on a root of the drive in a folder with randomly generated name so it can't be bypassed just like that, but it starts with characters that get listed before any folders or files with an alphabet name. When ransomware flies through the file/folder indexes and tries to encrypt files in the honeypot, RansomFree jumps on the file initiating it. It probably does other things in the background, but in a nutshell, this is it. Like I've said, primitive, but effective. Sometimes simple solutions are the best.</p></blockquote><p></p>
[QUOTE="RejZoR, post: 579078, member: 57233"] Well, since this also relies on behavior analysis, it'll fall into my testing regime. I've already installed it on my host system and I already see what they are doing. It's a very primitive, but also very clever method. I'm sure ransomware writers will try to bypass it, but still. They place a honeypot on a root of the drive in a folder with randomly generated name so it can't be bypassed just like that, but it starts with characters that get listed before any folders or files with an alphabet name. When ransomware flies through the file/folder indexes and tries to encrypt files in the honeypot, RansomFree jumps on the file initiating it. It probably does other things in the background, but in a nutshell, this is it. Like I've said, primitive, but effective. Sometimes simple solutions are the best. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
