Newest and difficult to intercept ransomware

Discussion in 'other anti-malware software' started by aigle, Jul 25, 2016.

  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi, I am not so active here (and on other forums) as in the past, so I am not very up to date with the newest and difficult to intercept malware, esp. ransomware.

    I want to get info regarding the most recent and difficult to intercept ransomware. Does anyone have an idea? I am not talking about signature-based detection, which can be done anyway. I am talking about ransomware that is difficult to intercept by non-signature-based software like HMP alert etc.

    I might try them against some HIPS, sandboxes etc.

    Thanks
     
  2. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,067
    Location:
    Netherlands
    Ransomware is like teenage sex, every teenager talks about it, but no one knows the details and only a few have actual experience.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Bleepingcomputer.com is your best source. They have a whole forum section devoted to ransomware. You will have to contact them on how to get samples. I do know they usually are made aware quickly of the newest and baddest 0-day ones.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I was talking of documented threats. When I was following the HMP alert thread before, it was sometimes missing some new ransomware families, and every time they needed to update it to add detection of these new threats because the malware techniques being used were different in these cases.
     
  5. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,438
    Ransomware is delivered by exploit drive-by downloads from compromised websites, malvertising and through e-mail attachments.

    Common sense is sufficient to safeguard against infection.
     
  6. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,067
    Location:
    Netherlands
    :thumb: Thanks for pointing that out.

    The fanbase of HPMA equals that of Sandboxie in loyalism and Comodo's in fanaticism, so I don't dare to mention that anymore. :blink: To comfort HPMA fanboys I will also mention three reasons in favor of HPMA (otherwise they blame me again for bashing their beloved product):
    1. Loman brothers usually are very quick to release a solution.
      In a recent ransomware comparative test (by a company which was used by Surfright themselves in the past for an exploit comparative test in which HPMA came out best) HMPA missed 4 real world samples and like after "the fun with ransomware video" of Cruel Sister where HPMA also missed one ransomware, they offered a new version within days.

    2. The advantage of signatureless solutions (like HPMA) is that a countermeasure to one new variant of a new family is a countermeasure against all members of that family. Since it is a lot more difficult and less common to develop a new family/variant, these signatureless solutions (like HPMA) offer more robust protection.

    3. Sophos paid over $30 million or so for HPMA, so this shows the value of HPMA over signature-based solutions (otherwise the experts of Sophos would not have given a thumbs up for their product). This acquisition benefits HPMA users also, because HPMA is planning a cloud feature to reduce the dependence on upgrading their software (reducing the vulnerability time window from days to hours).

    Off to work now
     
    Last edited: Jul 26, 2016
  7. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,092
    Location:
    Hollow Earth - Telos
    Scariest Ransomware ever? | Meet Jigsaw .... Go find the YouTube video
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040

    I don't see anything scary in that as long as a user is following a good backup plan. If they aren't, well...
     
  10. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,238
    I agree.
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    :D
     