Hi, I am not as active here (and on other forums) as in the past, so I am not very up to date with the newest and difficult-to-intercept malware, especially ransomware. I want to get info regarding the most recent and difficult-to-intercept ransomware. Does anyone have an idea? I am not talking about signature-based detection, which can be done anyway. I am talking about ransomware that is difficult to intercept by non-signature-based software like HMP alert etc. I might try them against some HIPS, sandboxes etc. Thanks
Ransomware is like teenage sex, every teenager talks about it, but no one knows the details and only a few have actual experience.
Bleepingcomputer.com is your best source. They have a whole forum section devoted to ransomware. You will have to contact them on how to get samples. I do know they usually are made aware quickly of the newest and baddest 0-day ones.
I was talking of documented threats. When I was following the HMP alert thread before, it was sometimes missing some new ransomware families, and every time they needed to update it to add detection of these new threats because the malware techniques being used were different in these cases.
Ransomware is delivered by exploit drive-by downloads from compromised websites, malvertising and through e-mail attachments. Common sense is sufficient to safeguard against infection.
Thanks for pointing that out. The fanbase of HPMA equals that of Sandboxie in loyalism and Comodo's in fanaticism, so I don't dare to mention that anymore. To comfort HPMA fanboys I will also mention three reasons in favor of HPMA (otherwise they blame me again for bashing their beloved product):

1. The Loman brothers usually are very quick to release a solution. In a recent ransomware comparative test (by a company which was used by Surfright themselves in the past for an exploit comparative test in which HPMA came out best) HMPA missed 4 real-world samples and, like after "the fun with ransomware video" of Cruel Sister where HPMA also missed one ransomware, they offered a new version within days.
2. The advantage of signature-less solutions (like HPMA) is that a countermeasure to one new variant of a new family is a countermeasure against all members of that family. Since it is a lot more difficult and less common to develop a new family/variant, these signature-less solutions (like HPMA) offer more robust protection.
3. Sophos paid over $30 million or so for HPMA, so this shows the value of HPMA over signature-based solutions (otherwise the experts of Sophos would not have given a thumbs up for their product). This acquisition benefits HPMA users also, because HPMA is planning a cloud feature to reduce the dependence on upgrading their software (reducing the vulnerability time window from days to hours).

Off to work now
http://arstechnica.com/security/201...-that-taunts-victims-and-offers-live-support/
http://www.bleepingcomputer.com/new...l-delete-your-files-until-you-pay-the-ransom/
I don't see anything scary in that as long as a user is following a good backup plan. If they aren't, well...