Hey @imuade The website has a list of features (https://www.ransomoff.com). The next release has a few new features so we'll update the website once it is released. And the plan is to keep the home, non-commercial version free.
This is quite a statement in a field full of all sorts of promised solutions FOR A FEE etc. and while some offer them promising the moon this one Ransom0ff, really delivers the goods. err, protections. And FOR NO FEE. Keep it coming Helig Defense.
Ah, OK, I missed that when I visited your website. Very nice indeed, especially since you wanna keep it free. As soon as the stable version is out, I'll give it a try for sure.
Great news - I too will give this a try when the new version becomes available, and see how it plays with ZAM and VoodooShield.
Just curious- In the new version under System process protection would this include notification if a file attempts to change the RAS (Remote Access Control) services from default to automatic? Such a change can result in Tears (not that a Kind and Gentle person like myself knows anything about it).
Had to go look at the code to verify but currently it doesn't alert on changes to service attributes other than imagepath. It'd be a pretty simple change to bring the full services key under protection though.
If simple (and I have no clue about that), it would be an excellent addition as no current product would alert to a true Zero Day high quality RAT that activates via the changes in RAS. I can see the video now- "Ransomoff tells formerly undetectable RAT to Eat It" (or something similar).
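The gap discussed in the three posts above, as an added example that is not part of the thread and is not RansomOff code: a comparison of two service-configuration snapshots that reports a start-type change which an ImagePath-only check would miss. The snapshots, including the RemoteAccess values, are constructed for illustration.

```python
# Added example; both snapshots are constructed, not captured from a real host.
# Each maps a service name to values found under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>.
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}
WATCHED = ("ImagePath", "Start", "ObjectName")  # not just ImagePath

SVCHOST = r"%SystemRoot%\System32\svchost.exe -k netsvcs"
BASELINE = {
    "RemoteAccess": {"ImagePath": SVCHOST, "Start": 4, "ObjectName": "LocalSystem"},
    "Spooler": {"ImagePath": r"%SystemRoot%\System32\spoolsv.exe", "Start": 2,
                "ObjectName": "LocalSystem"},
}
CURRENT = {
    "RemoteAccess": {"ImagePath": SVCHOST, "Start": 2, "ObjectName": "LocalSystem"},
    "Spooler": dict(BASELINE["Spooler"]),
}


def diff_services(baseline, current, watched=WATCHED):
    """Return (service, value_name, old, new) for every watched value that changed."""
    findings = []
    for svc in sorted(set(baseline) | set(current)):
        old, new = baseline.get(svc, {}), current.get(svc, {})
        for name in watched:
            if old.get(name) != new.get(name):
                findings.append((svc, name, old.get(name), new.get(name)))
    return findings


def enables_autostart(finding):
    """True when a Start change makes the service load at boot without user action."""
    _, name, old, new = finding
    return name == "Start" and new in (0, 1, 2) and old not in (0, 1, 2)


def describe(finding):
    svc, name, old, new = finding
    if name == "Start":
        old, new = START_TYPES.get(old, old), START_TYPES.get(new, new)
    flag = " [now starts automatically]" if enables_autostart(finding) else ""
    return f"{svc}: {name} {old!r} -> {new!r}{flag}"


if __name__ == "__main__":
    for f in diff_services(BASELINE, CURRENT):
        print(describe(f))
```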
Paul- I just love how RansomOff deals with those samples that put loads of Text files, jpg's, etc on the system prior to the encryption process. Once RO kills the malware it vacuums up all of the trash files during the CleanUp function. Poof! Gone! It never gets old!!! (Oh God I think I'm a Geek...)
I've been playing around with RO, and it's doing a good job. One thing I'd like to see is it handle script files as well as exe's. So far I am impressed.
I think for me that is one of the more fascinating and dynamic actions I like most. I come to expect it, always. That little tray icon goes into motion totally reversing the dickens out of the junk it dropped. Completely!
Thanks. But handle scripts in what way? RO is already able to deal with script based ransomware. @cruelsister used a script sample in one of her vids a bit back.
In addition to the UI redesign, we changed the icon and logo of RO (as can be seen in the video). Unfortunately we don't have an animated task bar icon replacement yet so maybe we'll just keep the current animation in for the time being.
The Applocker acts like a traditional Anti Executable, and one of them white lists scripts. That's kinda what I had in mind.
That makes sense. In the App Locker case, you're right that scripts themselves are not alerted to but the scripting engines (powershell, wscript, etc) are. Breaking it out as a separate alert is doable though. Thanks for the feedback and glad to finally get you onboard.
No matter really HeiDef. The underpinnings of the operational functions still work dynamically and quite effectively. FWIW, I always have had a small abandonware named filechangealarm and it logs as well as sounds off an audio (of a user's choosing) and it picks up Ransom0ff In-Progress as it cuts the cord of the offending dropper/executable/changes and wet-dry vacs the surface area of leftover junk leaving nothing behind but a normal return to usual PC functions WITHOUT interruptions.
Thanks for the feedback. It is mentioned in the report that RansomFlare is also looking at known malicious behavior that all ransomware trigger, so that should block most variants; I believe RansomOff is doing the same.
But wait, there's more ... ! Having the privilege of some compatibility testing the latest version, with HIPS-Lite (and new GUI). Sure is looking good, and stable for me now, after some crashes due to co-existing with some uncommon softs on that machine. Hopefully should be released soon. Kudos to Dave and team. Edit: Having an oopsie with App Lockdown, but I'm sure we'll sort it out.
Although I haven't had much time, I did play a bit with RO5 Build 7816 RC1. Especially I was curious how it would do against the Nation State RAT that had gone undetectable for years prior to someone stumbling upon it. I tested RO against the original malware as well as a number of variants, and in all cases was the mechanism detected and blocked. Please understand that this is no trivial result, but actually a detection that had previously bypassed the Best of the Best. Second- I must confess that when I heard "HIPS" I thought instead of "FP". I was surprised that my set of stuff that normally cause (and have for RO in the past) HIPS to generate a FP no longer did so. So my take so far (in the vernacular): Dave- U guys dun gud. M
Further to what Peter said, likewise for me...just waiting for the new release...to give it a detailed spin...in fact...can't wait. Regards, Baldrick
Thank You dear lady CS. That is one in particular which has surely escaped my own attention (which is always easy to do) but is very important your results on that elusive rogue RAT proven out to the positive with this program. It's noteworthy the value placed even on these most clever of PC penetrators. Turn over every stone is a good motto.