RansomFree by Cybereason

Discussion in 'other anti-malware software' started by Blackcat, Dec 19, 2016.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Yeah, I read it yesterday. Rubenking rated it excellent. However, he only used two ransomware sampleso_O

    Perhaps @cruelsister will do a retest of it?
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I don't like the remnants left behind. That was a pitiful test. Doesn't look he checked to see what happened to any other drives. I hope CS does another test and that she adds checking for activity against other drives, and then scans the system to see if it's clean
     
  3. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    ITMan- I just did a quick test privately, but prior to sharing the results let me rant about a few things:

    1). The author of the PC-Mag piece makes a big deal that the developers are members of the "elite Unit 8200 of the Israeli Intelligence Corps, a team dedicated to cybersecurity." Does anyone here think that the author actually followed up on this claim? Someone should inform Mr Rubenking that inflating backgrounds for public consumption is getting very popular lately; I'm surprised that a company hasn't yet claimed that they are Angels from Heaven sent by God to combat malware (but the year is still young).

    2). The article's author also states: "In testing, with nasty, real-world malware samples, it got the job done." Yet the samples that were used were a Locky (I haven't seen one in months) and a Tesla (I haven't seen one in a year). And then (Oh Lord, KMN) the author tries it against RanSim, where it failed. Adding further insult to the reader, Mr Rubenking states some jive-time argument about RanSim doing something "four levels below the Documents folder". I really want to expand on the latter but I'm sure what I have already written will get this post deleted.

    3). Although RansomFree makes the claim "protects against 99% of ransomware" this is obviously untrue (see my prior 3 videos on it). Also, CyberReason has put out a single new build (this one) in about 2 months. RansomOff has put out about 3 or 4 new builds in April alone in response to certain failings and to make the product better against things pointed out but not elaborated on (it will now clean out the residua from the RAA ransomware strain (which left me breathless).

    But enough talk- I just tried Ransomfree 2.2.6.0 against the ransomware I've been using in my current series. It failed against the first one- a very, very common Cerber variant that is all over the place.

    I would have done a video but I couldn't find a song that short...
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    :argh:

    And to that end an AMEN may be in order?

    I wanna just add that any site that has the audacity or IMO lame script kiddie mentality to think that throwing a In-Your-Face box while a user just landed the page to comb over what's there, doesn't even deserve my attention anymore and I put them on my IGNORE LIST. PC-Mag is a joke and they don't even realize it.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I added PCMag's reviews to the don't bother with list a long time ago.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    LOL, very amusing post. Too bad that RF has apparently not really been improved a lot.
     
  7. Houley456

    Houley456 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    195
    I enjoyed your post as it made me smile...thanks
     
  8. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Thanks for reminding me to hold those reviews in utter disdain.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
  11. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Went back to reread this thread beginning to end. Didn't have a chance to do that when I butted in LoL

    Really excellent back and forth to some discussions with differing opinions for the same aim, a True test of a program's metal.

    Does it still pass the stink test? And just curious if anyone sees this one as having future potential or would profit better with some other added approach.

    Not going into comparisons (my current choice is another) just some interest to how it stands up to hard knocks or if satisfaction for this particular one cuts it after each new release or not.
     
  13. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    I don't think that very many people active on this and other forums are using Ransomfree as their first line of defense against ransomware. There are stronger products.
     
  14. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    I didn't test last 2-3 version but think there is not much changes in detection/prevention.
    ...i think that better options is RansomOff.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Could you perhaps test if the newest version at least protects all drives/partitions? Because that was the biggest flaw.
     
  16. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    That was already solved in version before.
    It create Honeypot on every drives/partitions.
     
  17. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Right, but for some reason, they didn't work, when tested.
     
  18. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    It's not so much that Honeypots do not work, it is more that some (most) ransomware could care less if a Honeypot is installed or not.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes but I remember that ransomware still managed to encrypt files on second drive.

    But did you test if certain ransomware samples could encrypt only the second drive but not the first? That's what I wonder about.
     
  20. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    That is true.
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Sorry if I missed it but does this program protect BOTH the MBR and the MFT?

    In today's world it's important that they do IMHO.
     
  22. guest

    guest Guest

  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Thanks for testing. Did it protect all drives?
     
  24. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    554
    Location:
    Croatia
    I didn't test it...it's from someone else...
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    You didn't test WannaCry? Perhaps you can test other samples, or have you stopped testing stuff? I really wonder if they have at least managed to fix this flaw.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.