What Is RansomOff? RansomOff is a free, signature-less, endpoint security solution designed to do one thing: stop ransomware dead in its tracks. Signature-less Protection Against Any Threat: Because RansomOff is completely signature-less, the underlying ransomware family is irrelevant. No level of code obfuscation is enough to prevent RansomOff from detecting and stopping ransomware before it has a chance to cause damage. https://www.ransomoff.com/ Not tested by myself, but seems good.
Malwaretips has a thread on it: https://malwaretips.com/threads/hei...most-advanced-anti-ransomware-solution.69977/ First, software is a beta ver. MT's tests show "mixed results."
Any feedback yet either way? I D/L it and usually test these "without" SD so as to get a full effect feel of just how stable or not it is fresh out of the beta box. System is not a production platform but security testing grid for just these things.
Can you give some more info? Does it protect all partitions and does it successfully block the most popular ransomware?
I really have to wait until the next build comes out to be fair. If you go to their website and attempt a download you will see: "We are making a few changes. Please check back often". So as soon as the new build comes out (as long as it actually can be installed properly, something with which there have been major issues for Win 7/8/10) I will add it to my current Ransomware series.
Updated: https://www.ransomoff.com/#about https://www.heidef.com/contact.html https://www.heidef.com/whyhd.html
Done. When viewing remember that as RansomOff is still in Beta, I was trying to be helpful and not mean.
Hi @Rasheed187, I'm the author of RansomOff. Right now the MBR protection is per drive, not per partition. So if you have multiple partitions on a single physical disk, only the first one will be protected. However, we are currently looking into adding multi-partition protection.
Thanks for the info. But to clarify, I wasn't really talking about the MBR protection, but most ransomware variants try to encrypt files on all partitions, so does RansomOff protect against this? And can you perhaps make a list of the ransomware that it will currently block? Also, I don't expect a 100% success rate with these kinds of tools. It failed against which sample exactly? And what about other samples, did it successfully block those?
@HeiDef - Can you brief us on what separates your program the most from others developed lately in this ever growing battle on ransomware with its encryption techniques?
Herein is the real weakness of all of this software. Anything less than 100% is failure. And in some cases even 100% may be failure if your machine is left infected.
Got it. Yes RansomOff protects all lettered drives which includes fixed, removable and networked. RansomOff does not use signatures so it is agnostic to ransomware families or variants. Packing and other code obfuscation has no impact on RansomOff's detection. It's strictly behavior based. Thanks to folks like @cruelsister and others over at malwaretips, we've been refining the detection heuristics to make sure it provides as complete coverage as possible. Admittedly it does throw false positives every now and again, as seen with SeaMonkey in @cruelsister's latest video but that's a small price to pay if it blocks actual ransomware. And that's part of the reason we built in an exemption list to handle those situations. We don't have a list of every family and variant it can block but it is highly effective against a wide range of families. It did very well with Evjl Rain's initial test over at malwaretips and the issues identified with that have since been fixed. @cruelsister threw some awesome samples at it and again, we've been refining to make sure our heuristics cover these behaviors. We'll be releasing a new build later tonight that fixes script-based attacks such as RAA which failed in that test. All in all, if you really want to get a sense of its effectiveness I suggest opening a VM and start throwing ransomware at it. Your feedback will be much appreciated as we develop RansomOff and eventually get it out of beta.
The nice thing about ransomware (if you can say that) is that the behaviors that can be observed are generally very distinct from normal software operations (in most cases). Therefore, to identify potential ransomware you look for certain file operation patterns. This is the basis for any signature-less anti-ransomware solution. The differentiator is how that observation and subsequent identification occur. We haven't examined how other anti-ransomware solutions work so it's tough to say exactly how RansomOff is different than others. But RansomOff implements a number of detection strategies, from deception to malware modeling, to identify these patterns and behaviors. Some strategies are more effective than others but taken together can be highly reliable in identifying bad behavior. Besides that, RansomOff is also free and most that contain MBR protection have a cost to it.
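The following is an added example, not RansomOff's code and not written by anyone in this thread. It shows the general idea of flagging file-operation patterns without signatures by combining a decoy file, a rule for bursts of high-entropy overwrites, and an exemption list; all paths, process names, thresholds and events are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Every name, path and threshold below is an assumption made for illustration.
DECOYS = {r"C:\Users\demo\Documents\~decoy.docx"}   # bait file no program should touch
EXEMPT = {"seamonkey.exe"}                          # exemption list for known false positives
WINDOW_S, BURST, MIN_BITS = 10.0, 3, 7.2            # 3 random-looking writes within 10 s

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted output approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def detect(events):
    """Map each flagged process to (reason, files written by the time of detection)."""
    recent, written, verdicts = defaultdict(list), defaultdict(int), {}
    for ts, proc, op, path, data in events:
        if proc in EXEMPT or proc in verdicts:
            continue                                 # exempted, or already blocked
        if path in DECOYS and op in ("write", "rename", "delete"):
            verdicts[proc] = ("decoy touched", written[proc])
            continue
        if op != "write":
            continue
        written[proc] += 1
        if entropy(data) >= MIN_BITS:
            # Keep only suspicious writes inside the sliding window, then add this one.
            recent[proc] = [t for t in recent[proc] if ts - t <= WINDOW_S] + [ts]
            if len(recent[proc]) >= BURST:
                verdicts[proc] = ("burst of high-entropy overwrites", written[proc])
    return verdicts

RANDOM_LIKE = bytes(range(256)) * 4      # constructed stand-in for ciphertext (8.0 bits/byte)
TEXT = b"quarterly report draft " * 40   # constructed plaintext, low entropy
# Constructed events: (timestamp_s, process, operation, path, bytes written)
SAMPLE = [
    (0.0, "editor.exe", "write", r"C:\docs\notes.txt", TEXT),
    (0.5, "seamonkey.exe", "write", r"C:\cache\a.bin", RANDOM_LIKE),
    (0.6, "seamonkey.exe", "write", r"C:\cache\b.bin", RANDOM_LIKE),
    (0.7, "seamonkey.exe", "write", r"C:\cache\c.bin", RANDOM_LIKE),
    (1.0, "cryptor.exe", "write", r"C:\docs\a.docx", RANDOM_LIKE),
    (1.5, "cryptor.exe", "write", r"C:\docs\b.xlsx", RANDOM_LIKE),
    (2.0, "cryptor.exe", "write", r"C:\docs\c.pdf", RANDOM_LIKE),
    (2.5, "cryptor.exe", "write", r"C:\docs\d.jpg", RANDOM_LIKE),
    (3.0, "dropper.exe", "rename", r"C:\Users\demo\Documents\~decoy.docx", b""),
]

if __name__ == "__main__":
    for proc, (reason, lost) in detect(SAMPLE).items():
        print(f"{proc}: {reason}; files written by detection time: {lost}")
```

The second element of each verdict shows the trade-off raised elsewhere in the thread: the burst rule fires only after three files have already been overwritten, while the decoy rule fires with none lost.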
A fresh beta of RansomOff (v5.2017.97.7576 - timestamp April 07, 2017) is available there: Edit: a newer beta-version will be published soon. Edit 2: RansomOff (v5.2017.98.6378) (Beta) - #27
We haven't uploaded it yet. It's going through final regression testing now. Hopefully in the next hour or so. We'll post a notice once we do.
That's from yesterday. The new version will be 5.2017.98 or 99 (depending on when it's finished).xxxx.
Not always. Some files are more consequential than others. Losing a few temp files or files in the recycle bin before a detection heuristic kicks in might not be that big of a deal. Obviously it is situation dependent. But there is nothing in the world in any space or area that can guarantee 100% of anything. There are always black swan events or other outliers that completely destroy all previously held assumptions. We don't claim to provide 100% protection. Anyone in the security business long enough knows that just sets you up to look like a fool later on.
Ok, good to know. For example AppCheck. The option "Protect MBR" is not available in the free version.