BestCrypt Data Shelter

Discussion in 'other anti-malware software' started by kakaka, Feb 18, 2023.

  1. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    As I still retained the setup I made the adjustment with the updated setting, once again resulting in a Fail (if this was actually a more appropriate setting one must wonder why that method is not the primary in Jetico's own setup video). Also RanSim is not an optimal method to test protection.

    But as there exist other more robust current ransomware protection techniques available, I'm not sure that further discussion on BC has any point.
     
    Last edited: Mar 2, 2023
  2. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    @cruelsister

    Hi Meg,

    "But as there exist other more robust current ransomware protection available, I'm not sure that further discussion on BC has any point."
    Can you share several of the more robust current ransomware protections with us, that you like :)?

    Kind regards,
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Agreed. It's pretty well by now long outlived its usefulness. The true test is burn-in at a dedicated system with REAL current and known notorious ransomware which oftentimes they upgrade its effectiveness continually. Something RanSim won't do nor if they did would perform the dastardly attacks real genuine ransomware does to adequately test a folder protector.
     
  4. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Moose:

    Before obsessing about ransomware, it is important to note that the majority of malware currently being distributed are not ransomware, but instead various types of data stealers. The ultimate goal of any Blackhat is financial gain.

    With Ransomware, once a system is infected the user is immediately presented with some statement demanding money in order to reverse damage, which can either be accepted or rejected by the user. Data Stealers, on the other hand, can remain quiescent on a system for sometimes long periods of time, with the monetary gain coming from looted bitcoin wallets, stolen passwords for financial institutions, etc. So, Ransomware is really a one-shot deal whereas data stealers, being more insidious, will in essence be a gift that keeps on giving.

    That being said, to answer your question protection from ransomware can be done best by:

    1). A really good AV that will detect the ransomware file before it can initiate (like Kaspersky).
    2). A sandbox that will isolate the malware and prevent direct encryption (like CF).
    3). Excellent imaging software (like Macrium or Veritas), when used properly will allow a user of a ransomed system to reverse damages.

    Secondarily (and perhaps concurrently), one can use things like:

    4). Controlled Folder Access ability of Defender (although this will NOT prevent other files in other areas of the system from being trashed).
    5). A dedicated (and effective) anti-ransomware application like AppCheck by CheckMal (which has the ability to detect and delete ransomware based on mechanism).

    Other things with more marginal ability really have no place in a proper defensive strategy and shouldn’t really be seriously considered (although mocking them can be amusing).

    And if you will allow a further rant, far too often is the user blamed for a ransomed system, either through being careless or ignorant (both Home Users as well as those in Corporate and Governmental IT departments). The fault really lies with the provider of security solutions whose goal should be protecting the innocent and ignorant from themselves. This is especially true in the Corporate space where often a great deal of the budget is spent on products that should aspire to be fool-proof (the assumption should always be that those in charge of IT are total idiots).
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, I don't see why anyone would want to test with Ransom Simulator when you can just test with real life malware, which will give a way better view on blocking capabilities. BTW, I haven't watched your new video yet.
     
  6. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    @cruelsister

    Truly appreciated your answer with great details. Many Thanks!
    The above really helps in making decisions. Along with various
    tests/reviews. DataStealers and Password Management and
    control of passwords. Along with keeping Malware off of
    one system.
    Always the best,
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I have watched the video and BestCrypt did indeed fail to protect against certain samples, but the question that comes to mind is, why did it fail? Do these ransomware samples perhaps use code injection or trusted system processes to perform the encrypting? And would you be willing to test Secure Folders and post about it in the other thread?

    https://www.wilderssecurity.com/thr...s-anti-executable.369503/page-19#post-3134158
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I use a combo of Secure Folders plus manually reset ACL permissions for files/folders.
     
  9. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    I would also be interested, because I am looking for such a program / utility, if not Secure Folders.
    The only additional thing I would want is the cross-reference of which program can access which folder, not just a list of allowed programs and folders.

    But I doubt Cruella would be interested in testing (unfortunately) abandoned software.
     
    Last edited: Mar 6, 2023
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I'm of a little different mindset but not so far off. I am curious if ANY folders/files can be (1) ACL adjusted manually to throw a blinder at ANY ransomware distortion & (2) If similar to system drives that we can manually 'HIDE' them from most if not ALL probes. Given the fact that quality fashioned Windows (if we can call them that) ransomwares, must 'act quickly' (not always of course), but assign folders/files with a change to make them appear nonexistent. I'm not talking about explorer searchers or task managers, but STEALTHED.

    This is an interesting subject though since ransomware in particular absolutely target 'SET' file extensions (amongst other diabolic oddities)
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I don't see why it should be a problem to test abandoned software, because from a technical point of view it would be interesting to know if file/folder protection is capable of successfully blocking most ransomware. Of course Windows already has built-in protection via Controlled Folder Access, but I believe a tool like Secure Folders is much more handy to use. But that's why it's also disappointing that BestCrypt Data Shelter performs so poorly in Cruelsister's test, since I suppose it works about the same as Secure Folders.
     