App Review RansomOff - First Look at New User Interface

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Do you like new GUI?


  • Total voters
    41

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Funny you should ask as I was screwing around with the bunch earlier this week with a specific focus on modified NotPetya variants. The most impressive result came from an application that I mercilessly mocked in the past, that being RansomFree. Not wanting to accept that either they improved or (God Forbid!) that I could have been wrong I also added on some other nasties and sadly got a very good (perfect for my malware set) result. As I misplaced my Ranstop credential so I couldn't test that one.

So although both Ranstop and AppCheck have excellent backup options I question efficacy of AC due to the NP result; jury is still out on Ranstop until I can test it.
That leaves Ransomfree and RansomOff. Once RansomOff comes out of RC status it may (will) have the greater utility due the HIPS, but the HIPS settings have to be optimized some way to prevent FP's. RansmomFree has improved and I guess can now be considered a viable option.
 

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
IMO, the color of black and grey combo is a poor choice. Maybe you can come out with a few GUIs with different color selection for the user to choose

:)

Thanks. We changed some things up a bit from the video but it still has a dark layout. Once we finally get the updated release out maybe we will go back and add an option so you can select a light or dark layout.

Speaking of the updated release, it should be any day now. There are just a few finishing touches left.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
@HeiDef

I refer to the features listed on your website particularly

Heilig Defense RansomOff

Startup change detection
System file change detection
Process hollowing detection

Are these protected by RansonOff besides just detection? It's no point having detection without protection.

One suggestion. Can you show what ransomware are being protected against by RansomOff on your website like when the ransomware was neutralized etc This allows the user to know the effectiveness of RansomOff against the latest ransomware. Maybe the earlier ones you can lump them together but starting with some of the latest ones, say for the past 2 months or so, can you assign some dates to them?

Thanks
 
Last edited:
  • Like
Reactions: XhenEd

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
Anker- when you are testing it please note the various settings for the HIPS (which is a good thing). A balance must be struck between applying the settings that will stop malware while also leaving those settings that will trigger FP's alone. I know there is an optimal configuration but only folk like you will lead us into the light!

However I will say that in the short time I had my way with RO I was impressed by its ability to squash worms (even those with unconventional persistence mechanisms) as well as it being able to stop a very nasty RAT. I actually completed a video about the latter last week but am reticent to publish it as I'm not sure of the proper settings to be used to yield real-world applicability.

RO does some analysis on the actions to filter out legit operations but like you said, the tuning of the HIPS settings as well as any exemptions goes a long way in preventing unnecessary notifications.
 

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
@HeiDef

I refer to the features listed on your website particularly

Heilig Defense RansomOff

Startup change detection
System file change detection
Process hollowing detection

Are these protected by RansonOff besides just detection? It's no point having detection without protection.

One suggestion. Can you show what ransomware are being protected against by RansomOff on your website like when the ransomware was neutralized etc This allows the user to know the effectiveness of RansomOff against the latest ransomware.

Thanks

With the addition of the new HIPS settings in the soon-to-be-released version, all of the things that RO detects can be blocked at the point in time of notification.

For the website, do you mean just a list of ransomware families RO protects against? Or video demos of new ransomware strains?
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
With the addition of the new HIPS settings in the soon-to-be-released version, all of the things that RO detects can be blocked at the point in time of notification.

For the website, do you mean just a list of ransomware families RO protects against? Or video demos of new ransomware strains?

That's great. Waiting for the official release then.

No need video. Just a tabulated reverse chronological listing with dates and status will do. This will keep the user informed of the latest ransomware and the speed at which RansomOff can neutralized them e.g. of status like 'Neutralized', 'Working On It' etc

A table like

Name of Ransomware............Status.............Date Neutralized

Thanks
 
Last edited:
  • Like
Reactions: XhenEd

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
That's great. Waiting for the official release then.

No need video. Just a tabulated reverse chronological listing with dates and status will do. This will keep the user informed of the latest ransomware and the speed at which RansomOff can neutralized them e.g. of status like 'Neutralized', 'Working On It' etc

A table like

Name of Ransomware............Status.............Date Neutralized

Thanks

RansomOff is signature-less so the neutralized date should be whatever date the ransomware is released. Now obviously no software is 100% but for the most part RO can handle the majority of ransomware as it comes out.

But I understand your point. A website refresh is on our to-do list which will make it more informative of RO's capabilities.
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Guys- I came to my senses and will be publishing the RansomOff vs RAT video tonight before I go out. This will be for a single RAT sample but will indeed demonstrate the HIPS.

Plus the song is too pretty to waste...

Correction to a previous post above- Although RansomFree did indeed stop BadRabbit and the initial NotPetya malware that I tried, my cat re-coded NotPetya (Ophelia is such a bitch) and RansomFree failed.
 
Last edited:

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
@Trickster GUI interface is like a girl.
SHvFl like this girl but you like that girl.
Is your girl ugly? NO
IS @SHvFl GF ugly? Nah:cautious:
I mean it's about Tastes:notworthy:i like this Gui but another one may dislike it:D
Agree 100%.

I seldom interface with the GUI. Set and forget. And should ransomware raise its head, I shan't complain of how my rescuer clothes herself.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
@HeiDef

Your website says RansomOff detects and defeats the latest threats with Next-Gen defense by using machine learning techniques to evaluate and stop threats in real-time, even unknown ones.

Heilig Defense

So do you consider RansomOff as a TRULY Next-Gen security software?

Thanks
 

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
@HeiDef

Your website says RansomOff detects and defeats the latest threats with Next-Gen defense by using machine learning techniques to evaluate and stop threats in real-time, even unknown ones.

Heilig Defense

So do you consider RansomOff as a TRULY Next-Gen security software?

Thanks

Our other security product, Correlate, uses ML techniques. RansomOff does not. But I can see how the website could confuse. I'm not sure if the term next-gen has a standard definition but I've generally taken it to mean a signature-less solution able to handle new and emerging threats. In that case, RansomOff fits that definition. So depending on how you define next-gen, your mileage may vary.
 

bjm_

Level 14
Verified
Top Poster
Well-known
May 17, 2015
667
Please do not install RansomOff at this time if you have Secure Boot enabled.
?
isn't there a real security advantages to having Secure Boot enabled

Edit:
@shmu26 Not all Windows 10 w/ secure boot has the issue but only more recent updates (1607+). Either way, we are getting the drivers cross signed for this release so there shouldn't be any boot issues in the future. #13
 
Last edited:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Yikes, I wasn't even aware of this, but I haven't had a problem on my old Dell XPS with Win 10 Pro x64 v1709 16299.19 with Secure Boot enabled.
I have two windows 10 machines, and one gives me stern warnings when the drivers are not co-signed by MS, while the other machine is more lenient. I don't understand why.
But if it works, it works.
 

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
I have two windows 10 machines, and one gives me stern warnings when the drivers are not co-signed by MS, while the other machine is more lenient. I don't understand why.
But if it works, it works.

Drivers must be co-signed by Microsoft for Windows 10 in version 1607 or greater except in these three situations.
  • The PC was upgraded from an earlier release of Windows to Windows 10, version 1607.
  • Secure Boot is off.
  • Driver was signed with cross-signing certificate issued prior to July 29th 2015.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top