RansomFree by Cybereason

Discussion in 'other anti-malware software' started by Blackcat, Dec 19, 2016.

  1. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,471
  2. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,160
    Location:
    Paris
    Peter- is there really a need to test the product with 2 drives when it isn't certain that it can protect one?
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    18,985
    Well it is supposed to be new and improved. So who knows. Lets say I am curious.
     
  4. Djigi

    Djigi Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    500
    Location:
    Croatia
    Not only jpg, check picture:

    Clipboard01.jpg
     
  5. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    2,969
    Location:
    DC Metro Area
    Save your time Peter,

    From your Feb 4 post it appears you have already tested v. 2.2.3.

    Version 2.2.3 was released no later than January 25, 2017.

    I downloaded and installed v 2.2.3 on 1/25/17

    While the linked article states that CyberReason "launched" v 2.2.3 at The RSA Conference 2017 today*, it was in fact released much earlier.

    *Article is dated 2/13/17 and states v 2.2.3 was "launched" "today."
     
    Last edited: Feb 13, 2017
  6. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,160
    Location:
    Paris
    Yeah, it was the same build that I tested previously, with the same issues:

    1). MBR lockers ignore honeypots,
    2). As there are no exe's dll's etc in the honeypots Fortress class ransomware will have a free reign,
    3). fast encryptors (like in my video) will trash everything simultaneously without regard for preferential regard for honeypots.

    I would hope by now that this would be intuitively obvious.
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    18,985
    Yep, no surprises. I suppose I could be cynical and say coming from the military I am not surprised, but I would never say that.
     
  8. SnowWalker

    SnowWalker Registered Member

    Joined:
    Apr 2, 2012
    Posts:
    218
    Location:
    USA
    As ex-military myself, I find that real cute. But coming from you, I'm not surprised. Now I'll let your brave fanboys threaten to send me PMs.:rolleyes:

    BTW; are you saying that honeypots are all there are in this application, or is it just the shiny objects youtube testers are fascinated by and can't see around?
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    18,985
    Well what else is there. The app doesn't perform well.
     
  10. SnowWalker

    SnowWalker Registered Member

    Joined:
    Apr 2, 2012
    Posts:
    218
    Location:
    USA
    Still wonder shy a competing software company says otherwise.

    I admit, I can't say either way from experience myself, but when self testers like you approach a product with an obvious bias, are reluctant to try newer versions, ignore any evidence that doesn't seem to fit your findings, and seem to only focus on why one aspect of the product can't work, such as;
    when it's been pointed out to you before that they claim to incorporate other methods, then I don't trust you to even attempt to be impartial.

    (How many of the above extensions you referenced did you actually try anyway?)
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    18,985
    What other methods. It's only results that matter. See Hawki's post. No new version. You like and that's fine. You can trust your computer to it, that's fine by me.
     
  12. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    2,969
    Location:
    DC Metro Area
    FWIW:

    New Version -- v. 2.2.5.0
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,452
    Location:
    U.S.A. (South)
    Click
     
  14. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,549
    The file version of the dll's and executables are showing v2.2.4.0 :cautious:
     
  15. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,688
    Location:
    Mexico
    Love the suspicious/cautious smiley you use, usually. :thumb: :D
     
  16. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,549
    I downloaded it again and now it's v2.2.5.0 (signed: 2017-02-27)
     
  17. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,160
    Location:
    Paris
    Mood- Are you having any issues with RansomFree hanging at shutdown? And if so/not, what OS are you using?
     
  18. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,549
    After installing RansomFree v2.2.5.0 it has created some directories with a few files in it (each file 50KB-200KB) :
    2 hidden directories in C:\Users\Documents
    2 hidden directories in C:\Users
    2 hidden directories in C:\
    And it has created a Remote Drive A: with the same files.​
    These directories are removed after deinstallation, so there are not leftovers.
    But there were problems with shutting down, the process of RansomFree seems to be hanging.
    Yes, there were issues with shutting down, RansomFree seems to be the culprit.
    OS: Windows 8 (see signature)
     
  19. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,160
    Location:
    Paris
    Thanks Mood! I wasn't sure if it was just my setup or something intrinsic to the new build.
     
  20. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    2,969
    Location:
    DC Metro Area
    Now Latest is: v, 2.2.5.1
     
  21. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,549
    Thanks :thumb:

    I guess they fixed the "hang-issue" which was mentioned in #267 and #268 but i can't test it right now.
     
  22. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    152
    Location:
    Baana
    Seems to be another smallish issue they overlooked....
    https://www.youtube.com/watch?v=8ysRsqpHWX0
    :gack:
     
  23. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    414
    Location:
    Earth
    Right. I think giving RF 12mos to improve, would still net the same results.
    @Peter2150
    Isn't the very definition of insanity, "doing the same thing over & over and expecting dif results" ?
    lol j/k
     
    Last edited: Mar 6, 2017
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    18,985
    Yes it sure is.
     
  25. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,549
    "A bit more tweaking may be in order ..."
    After watching the videos, i guess the developers still have a lot of work to do...