- Sep 20, 2016
- 116
- Content source
- https://youtu.be/LecgYgfEVVE
And what happened why the system was infected why it was not stopped Ransomware?
Windows Defender vs Ransomware
- Thread starter XxX Legolas XxX
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
And what happened why the system was infected why it was not stopped Ransomware?
- Sep 20, 2016
- 116
This is not my video i found it on youtube but if it my job Ransomware infect Windows 10 boot maybe if he add system folder in Protected folderds Windows 10 would be clean.
- Apr 9, 2020
- 667
Ransomware-specific protection will, among others, check the following behaviour:
It will not encrypt, not change entropy, not modify the bait files and therefore not show any malicious behaviour that might have been detected.
More general protection mechanisms also include the way samples were obtained, e.g., files that were downloaded via a browser have a specific identifier. These identifiers are missing here. Files that arrive via email attachments, downloaders, droppers or exploits, show certain malware typical patterns that are detected as well. None of these protection mechanisms have a chance in this artificial testing scenario.
Unless you actually want to protect your system from a scenario where you will execute hundrets of ransomware samples in a row, this test is not meaningful in any way.
- writing to AV specific bait files
- modification of many files in a row
- entropy increase in modified files
- file extension change
- shadow copy deletion
It will not encrypt, not change entropy, not modify the bait files and therefore not show any malicious behaviour that might have been detected.
More general protection mechanisms also include the way samples were obtained, e.g., files that were downloaded via a browser have a specific identifier. These identifiers are missing here. Files that arrive via email attachments, downloaders, droppers or exploits, show certain malware typical patterns that are detected as well. None of these protection mechanisms have a chance in this artificial testing scenario.
Unless you actually want to protect your system from a scenario where you will execute hundrets of ransomware samples in a row, this test is not meaningful in any way.
- Dec 23, 2014
- 8,510
The video as an anti-ransomware protection test has many flaws noted already in this thread. Anyway, it is a good basic presentation of the AV capabilities for educational purposes. it can also show that the protection of Defender free on default settings with additionally enabled Controlled Folder Access can be compromised by some sophisticated ransomware.
It seems that at least one sample (MedusaLocker) partially defeated Defender. Although the files in protected folders were not encrypted, some other files were successfully encrypted and the ransomware made the system unbootable for some reason (not uncovered in the video). For more comprehensive protection the Defender settings require enabling ASR rules. The MedusaLocker samples were used in the targeted attacks especially in the healthcare industry.
www.cybereason.com
www.carbonblack.com
It seems that at least one sample (MedusaLocker) partially defeated Defender. Although the files in protected folders were not encrypted, some other files were successfully encrypted and the ransomware made the system unbootable for some reason (not uncovered in the video). For more comprehensive protection the Defender settings require enabling ASR rules. The MedusaLocker samples were used in the targeted attacks especially in the healthcare industry.
Cybereason vs. MedusaLocker Ransomware
There have been reports of MedusaLocker attacks across multiple industries, especially the healthcare industry which suffered a great deal of ransomware attacks during the COVID-19 pandemic.
www.cybereason.com
TAU Threat Analysis: Medusa Locker Ransomware | VMware Carbon Black
In recent weeks Carbon Black’s Threat Analysis Unit (TAU) has seen an increase in the number of infections attributed to the Medusa Locker ransomware family. There were notable traits exhibited by Medusa Locker in these attacks that warranted further investigation to determine behavioral tactics...
www.carbonblack.com
Last edited:
- Sep 13, 2012
- 191
windows defender improve...
Similar threads
