RansomFree by Cybereason

Very disappointing, this tells me that there are probably NO other behavioral monitors, it's only watching the honey pot files, before it decides ransomware is probably active. And I wonder if all partitions are now protected in the newest version. I really wonder why the developer hasn't managed to fix this. BTW, this product is also using the honey-pot method:

https://www.watchpointdata.com/cryptostopper-tour

Yes I agree, so no wonder EIS alerted about this.

 

Video of use of "bait" folders as they refer to the honeypots is on the web. Appears software is primarily server based although I believe they offer a workstation version. Viewing the video, they protect all directories from C:\ by default. They also allow and encourage users to create their own honeypot folders. Their software also includes installation of a user service that will auto shutdown the server whenever any ransomware activity is detected. Again, I believe their target market is enterprise.

 

New release...

Ransomware Simulator "RanSim" 1.0.2.4


No release notes or changelog..

 

My experience would indicate otherwise. I have used the beta version of Cartes du Ciel (SkyChart) for years. Never had an issue installing. With RansomFree installed, the installer seems to stop at documents and such telling me that the file being updated is in use by another program, or something like that, and then seems to proceed with no problem if I click "retry". I now pause RansomFree when updating CdC so that the installation isn't continually interrupted.

 

Links?

 

It was mentioned at Majorgeeks today, but it's an "old version" which was already released last week: #76

 

Greeting& Salutations!

Could you tell me the different between Cybereason RansomFree & Kaspersky Anti-Ransomware Tool for Business? For Example Cleaning/Disinfection/Rollback?


Just seeing if individual are really looking into what is working and what is not working
for stopping Ransomware?

http://www.ghacks.net/2016/03/30/anti-ransomware-overview/
At the bottom of the page, Anti-Ransomware Software Comparison.

And in your opinion what the is the best Anti-Ransomware for protection and stopping Ransomware?

Kind regards,

 

OK, I see. But did you get an alert about or not? Because if not, I would consider this more as a conflict.

 

Greeting & Salutations,

Conflict!

Easy way is to turn everything off security and install,
Reboot your system
then turn back on.

Kind regards,

 

A great way to have malware, PUA, PUP, Adware, you name it installed on your PC.

 

Greeting &Salutation,

Not if you do quick scan after installing with your security software that you have install.
5 minutes of your time!!! Not a big deal.

 

A conflict maybe, but if there weren't any other behavioral monitors, why would it be conflicting when another program is attempting to do something with documents and such, and why would there be an alert, if after checking long enough to disrupt the installation, it doesn't find anything suspicious?

 

Might be a bug, if it thinks there is something fishy going on, it should simply alert. But only the developer can give us more answers.

 

As I asked before, if it checked to see if something fishy is going on, but didn't find anything fishy going on, why would it alert? I don't think I would find it too helpful if it just alerted me that something might be fishy, but didn't check.

 

If it doesn't alert, it should also not interfere, I can't explain it any better. But anyway, what's way more interesting, is which other type of behavior it's monitoring. Too bad that the developer hasn't been active in this thread anymore, that's usually not a good sign, unless he's active on some other forum.

 

Maybe I wasn't real clear about what seems to happen;

The installer seems to pause momentarily, and pops up a message telling me that some file, I believe like a help document or something if I recall, is in use, and gives me the option to retry, and when I retry it proceeds. This leads me to believe that RansomFree checked the file to see if anything was suspicious just long enough to interrupt the installation, and as it didn't find anything suspicious it didn't take any other action.

No, it's not ideal, but is an indication to me that RansomFree is doing more than honeypots as other have said even though the developers had said there are in fact other detection methods. I also don't know if any program that is truly effective can be entirely transparent. It may be something that can be improved, but I don't think it's an indication that it's almost worthless as some seem to want to make it out to be.

Maybe the installer for the other program could be improved to not stall as easily on a momentary interruption also?

 

As I'm sure others here are still testing it, and I haven't seen other "conflicts" with RF, I assume problems are pretty rare, and a pretty good sign for new security software, but I would be curious if others here have had any issues?

While it would be ideal, I don't know of any security software that is 100% effective and 100% transparent with no system impacts. I hope the developers will continue to work on it, I have the idea they may know a little bit more about what they're doing than most of us seem to want to give them credit for. It would be nice if they have time to reply on the forum, but I haven't seen a whole lot of positive, helpful posts that would be useful to them.

Anyone else having any issues with RansomFree?

 

OK, I now understand it a bit better.

Same over here, I still think it's an interesting tool, including the honey-pot idea. But the fact that it didn't protect all partitions made some people skeptical, this shouldn't have been missed by such a company. Hopefully they will fix this.

 

Hi guys. I checked out this company before trying this and felt disclosure here may help base opinion. It's mostly intelligence people staffed, also they've taken heavy funding from military and intelligence. Unit8200 is scarier version of NSA. I decided not to try it.

About Cybereason:
Cybereason was founded in Israel by former members of Israel Defense Forces' signals intelligence arm, Unit 8200

Also some funding from: Lockheed Martin Corp, Softbank, Charles River Venture, Spark Capital

 

Thanks,

On the positive side: The Best Tech School On Earth Is Israeli Army Unit 8200 (Business Insider). So it appears they should be competent as to their technical skills.

I would be more concerned if they tried to hide it, from their website:

There is a certain amount of trust you have to put into any security vendor. There are organizations and countries I'm far more concerned about. I believe I'm more at risk from Rasomware than from Cybereason.

But it is good to be informed when you place your trust in a company.

 

@UriCybereason

For at least the past two days I have been getting a Pop-Up Warning to the effect of "Cybereason has encountered an error and has shut down. Restart your computer to re-enable protection." However, it happens on every restart. Have uninstalled.

 

Frankly I don't think @UriCybereason is coming back again.

 

An article about this software: http://www.eweek.com/security/new-free-software-promises-to-help-smbs-fight-off-ransomware.html

 

First it can detect the ransomware malware when it arrives on a computer if it has a signature it recognizes

Signature Based?

 

Having the same thoughts, after such a warm welcome . . .