App Review RANSTOP against ransomware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

CalinGhibu

From TEMASOFT
Verified
Developer
Mar 15, 2017
58
Thanks for sharing this! This is a good stress test, although in real life it is almost impossible to get hit by 10 ransomware at the exact same time:).
Would it be possible to share some information on the virus samples you have tried with (i.e. maybe a download link) ?
Also, were you able to recover any files/were the files automatically recovered (the video does not show this part)?
Thanks and keep up the good work!
 

erreale

Level 9
Thread author
Verified
Content Creator
Malware Hunter
Well-known
Oct 22, 2016
409
Thanks for sharing this! This is a good stress test, although in real life it is almost impossible to get hit by 10 ransomware at the exact same time:).
Would it be possible to share some information on the virus samples you have tried with (i.e. maybe a download link) ?
Also, were you able to recover any files/were the files automatically recovered (the video does not show this part)?
Thanks and keep up the good work!

I have no problem sharing the malware used in the test with you. You have a PM!
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,036
@CalinGhibu

Hi, Just some questions

1) Is your software limited to protection against certain categories (families) of ransomware or can it handle ALL categories of ransomware? I can't find this info on your site.

2) I'm using a Microsoft SP4 tablet which does NOT have an MBR. It comes with a UEFI/GPT drive. Do I need to enable protection for MBR? If you read further down the article below, it describes that the GPT has an MBR as well for backward compatibility purposes. Does your software protect this MBR in the first place rather than the traditional BIOS/MBR found in a PC/laptop? And if the attack is successful, would your software automatically recover it?

New ransomware with an old trick: “Petya” parties like it’s 1989

Thanks
 

erreale

Level 9
Thread author
Verified
Content Creator
Malware Hunter
Well-known
Oct 22, 2016
409
Ooooops....looks like files being encrypted and not auto-recovered.

Yes, you are right. The files were encrypted and not auto-recovered, but to be honest, I must say that the files were saved and it was possible to recover them later.
The main problem, I think, is with certain ScreenLocker ransomware, where a non-expert user would have trouble getting to the desktop and retrieving the files that RANSTOP saved.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,036
Yes, you are right. The files were encrypted and not auto-recovered, but to be honest, I must say that the files were saved and it was possible to recover them later.
The main problem, I think, is with certain ScreenLocker ransomware, where a non-expert user would have trouble getting to the desktop and retrieving the files that RANSTOP saved.
So the files auto recovery feature fails?
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,036
Yes, it failed with the set of ransom that I used in the test. Maybe they were too recent for them ... I do not know.
If the software cannot auto recover the files then it is a big failure. It also has a file manual recovery feature. I believe the software must have done a backup of the original files on a separate folder for recovery purpose.
 

erreale

Level 9
Thread author
Verified
Content Creator
Malware Hunter
Well-known
Oct 22, 2016
409
If the software cannot auto recover the files then it is a big failure. It also has a file manual recovery feature. I believe the software must have done a backup of the original files on a separate folder for recovery purpose.


Yes, you are right. The files were encrypted and not auto-recovered, but to be honest, I must say that the files were saved and it was possible to recover them later.
 

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
My thoughts exactly at the very beginning, since I also used a slow-performing VM for initial testing and I also didn't get my files back right after running the ransomware. And I also ran several ransomware at the same time. But I also noticed that a few minutes later it started to automatically recover my files. If the machine has close to 0 resources (like opening a notepad takes several seconds), the recovery was also very slow in my environment.
Have you let it run a few minutes? The automatic recovery time really depends on how busy the hard drive is, from my tests.

Then I tested it in my secure environment, on the host. Well, the results were completely different. I got my files back almost instantly, automatically.
 

CalinGhibu

From TEMASOFT
Verified
Developer
Mar 15, 2017
58
Ooooops....looks like files being encrypted and not auto recovered.

From the video it looks like the Word file was opened before the product detected the threat. In order to assess the auto-recovery, the file should have been closed and re-opened after the threat was detected (pop-out balloon). The file should also be available for manual recovery.
 

CalinGhibu

From TEMASOFT
Verified
Developer
Mar 15, 2017
58
Yes, it failed with the set of ransom that I used in the test. Maybe they were too recent for them ... I do not know.

I would not say it failed - the video does not show that.

When testing ransomware, you should not start multiple strains at the same time, because the result becomes irrelevant. Here is why:
Ransomware encrypts certain types of files. If you launch 4 variants, the first one which gets to encrypt the files will do so, while the rest may not. Ransomware changes file extensions so subsequent ransomware will NOT encrypt the same file, generally - unless you use a variant that encrypts all files (without an extension filter). Having said that, in such a test chances are only ONE ransomware gets to do its job, while others look for files to encrypt.

The product does not detect signatures, it detects behaviors. If ransomware does not get to expose its behavior = encrypt files, it will NOT get detected. That is why from the video, only one threat is detected.
That is why @cruelsister launches ransomware one after another during her tests.

The video does not show results of encryption with other ransomware, nor recovery options.

We have tested the samples and we successfully block all ransomware. One of the files in the test, Cancer, is not ransomware - it is a virus that deletes files and renders the machine unusable - without asking for ransom as files cannot be recuperated. We did not block that during the tests as ransomware, we detect it as a suspicious mass delete operation, reported it as such, and backed up the files. The files it damages can be manually recovered.
 

CalinGhibu

From TEMASOFT
Verified
Developer
Mar 15, 2017
58
@CalinGhibu

Hi, Just some questions

1) Is your software limited to protection against certain categories (families) of ransomware or can it handle ALL categories of ransomware? I can't find this info on your site.

2) I'm using a Microsoft SP4 tablet which does NOT have an MBR. It comes with a UEFI/GPT drive. Do I need to enable protection for MBR? If you read further down the article below, it describes that the GPT has an MBR as well for backward compatibility purposes. Does your software protect this MBR in the first place rather than the traditional BIOS/MBR found in a PC/laptop? And if the attack is successful, would your software automatically recover it?

New ransomware with an old trick: “Petya” parties like it’s 1989

Thanks

For 1, we use file access pattern analysis to detect ransomware, so we detect any ransomware, not just particular families.
For 2 I do not know, I will ask.
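
The behaviour-based detection described in the two posts above (file access pattern analysis, plus the separate "suspicious mass delete" case), as an added sketch that is not part of the thread and not TEMASOFT's code. The event format, PIDs, paths, window and threshold are assumptions and the sample events are constructed; pid 202 stands for a second process whose extension filter finds nothing left to change, so it never exposes any behaviour to detect.

```python
from collections import defaultdict, deque
import os

WINDOW_S = 10    # sliding window in seconds (assumed value)
THRESHOLD = 5    # suspicious events per window before alerting (assumed value)

def make_events():
    """Constructed sample log: (seconds, pid, operation, path, new_path)."""
    ev = []
    for i in range(8):
        doc = f"C:/Users/u/Docs/report{i}.docx"
        # pid 101 rewrites each document, then renames it to a new extension
        ev.append((i * 0.5, 101, "write", doc, None))
        ev.append((i * 0.5 + 0.1, 101, "rename", doc, doc + ".locked"))
        # pid 202 starts later; its extension filter finds only .locked files,
        # so it enumerates and reads but never modifies anything
        ev.append((5 + i * 0.2, 202, "read", doc + ".locked", None))
        # pid 303 deletes files in bulk without encrypting them
        ev.append((6 + i * 0.3, 303, "delete", f"C:/Users/u/Pictures/img{i}.jpg", None))
    # pid 404 is an editor doing a normal safe-save: one write, one rename
    ev.append((7.0, 404, "write", "C:/Users/u/Docs/notes.tmp", None))
    ev.append((7.1, 404, "rename", "C:/Users/u/Docs/notes.tmp", "C:/Users/u/Docs/notes.txt"))
    return sorted(ev, key=lambda e: e[0])

def classify(op, path, new_path):
    """Map one file event to a suspicious-behaviour label, or None."""
    if op == "rename" and new_path:
        old_ext = os.path.splitext(path)[1].lower()
        new_ext = os.path.splitext(new_path)[1].lower()
        return "mass_extension_change" if old_ext != new_ext else None
    return "mass_delete" if op == "delete" else None

def detect(events):
    """Return {pid: label} for each process that crosses THRESHOLD in WINDOW_S."""
    recent = defaultdict(deque)   # (pid, label) -> timestamps still in the window
    alerts = {}
    for ts, pid, op, path, new_path in events:
        label = classify(op, path, new_path)
        if label is None or pid in alerts:
            continue
        q = recent[(pid, label)]
        q.append(ts)
        while ts - q[0] > WINDOW_S:
            q.popleft()
        if len(q) >= THRESHOLD:
            alerts[pid] = label
    return alerts

if __name__ == "__main__":
    print(detect(make_events()))
```
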
 

erreale

Level 9
Thread author
Verified
Content Creator
Malware Hunter
Well-known
Oct 22, 2016
409
I would not say it failed - the video does not show that.

When testing ransomware, you should not start multiple strains at the same time, because the result becomes irrelevant. Here is why:
Ransomware encrypts certain types of files. If you launch 4 variants, the first one which gets to encrypt the files will do so, while the rest may not. Ransomware changes file extensions so subsequent ransomware will NOT encrypt the same file, generally - unless you use a variant that encrypts all files (without an extension filter). Having said that, in such a test chances are only ONE ransomware gets to do its job, while others look for files to encrypt.

The product does not detect signatures, it detects behaviors. If ransomware does not get to expose its behavior = encrypt files, it will NOT get detected. That is why from the video, only one threat is detected.
That is why @cruelsister launches ransomware one after another during her tests.

The video does not show results of encryption with other ransomware, nor recovery options.

We have tested the samples and we successfully block all ransomware. One of the files in the test, Cancer, is not ransomware - it is a virus that deletes files and renders the machine unusable - without asking for ransom as files cannot be recuperated. We did not block that during the tests as ransomware, we detect it as a suspicious mass delete operation, reported it as such, and backed up the files. The files it damages can be manually recovered.

I also ran the test only against malware Revenge and it was not intercepted automatically. The files were not recovered automatically. RANSTOP allowed recovering encrypted files manually.

 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
I also ran the test only against malware Revenge and it was not intercepted automatically. The files were not recovered automatically. RANSTOP allowed recovering encrypted files manually.


Save yourself some trouble and remember to upload videos in English here at MT, just a friendly reminder ;)
 
