New Microsoft file system technique can make ransomware ‘invisible’

Discussion in 'other security issues & news' started by mood, Nov 21, 2019.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,293
    New Microsoft file system technique can make ransomware ‘invisible’
    November 21, 2019
    https://www.siliconrepublic.com/enterprise/nyotron-ransomware-microsoft-file-system-invisible
    Nyotron Discovers Technique That Renders Ransomware Invisible to Security Software
    RIPlace Report (PDF - 753 KB): https://www.nyotron.com/collateral/RIPlace-report_compressed-3.pdf

    Nyotron blog entry: Nyotron Discovers Potentially Unstoppable Ransomware Evasion Technique: “RIPlace”
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,293
    New RIPlace Bypass Evades Windows 10, AV Ransomware Protection
    November 21, 2019
    https://www.bleepingcomputer.com/ne...s-evades-windows-10-av-ransomware-protection/
     
  3. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,750
    In the interests of testing, I ended up sacrificing a file on my desktop:
     


  4. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    205
    Location:
    Bulgaria
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,480
    Location:
    The Netherlands
    Interesting, has anyone tested this against tools like HMPA and AppCheck?
     