New Microsoft file system technique can make ransomware ‘invisible’ November 21, 2019 https://www.siliconrepublic.com/enterprise/nyotron-ransomware-microsoft-file-system-invisible Nyotron Discovers Technique That Renders Ransomware Invisible to Security Software RIPlace Report (PDF - 753 KB): https://www.nyotron.com/collateral/RIPlace-report_compressed-3.pdf Nytron blog entry: Nyotron Discovers Potentially Unstoppable Ransomware Evasion Technique: “RIPlace”
New RIPlace Bypass Evades Windows 10, AV Ransomware Protection November 21, 2019 https://www.bleepingcomputer.com/ne...s-evades-windows-10-av-ransomware-protection/
I tested it as well. Comodo's HIPS passed the test: When the changes are allowed the file is encrypted: https://i.imgur.com/m4tBJn0.png When the changes are not allowed the file is not encrypted: https://i.imgur.com/I5ipB80.png
Thanos Ransomware Evading Anti-ransomware Protection With RIPlace Tactic November 18, 2020 https://www.seqrite.com/blog/thanos...ti-ransomware-protection-with-riplace-tactic/