RansomFree by Cybereason

RansomOff and RansomFree are (2) different programs.

 

Sorry !!! My Bad Deleted the post.

 

Cybereason RansomFree v2.4.1.0 Released (08 October 2017)
no changelog available
Download

 

https://malwaretips.com/threads/ransomoff-first-look-at-new-user-interface.75873/page-2#post-684272

Impressed CS.

 

That's a link to RansomOff which is a different app. But I did see CS mention that RansomFree has been improved.

 

"The most impressive result came from an application that I mercilessly mocked in the past, that being RansomFree."

That's from a link to a CS post in a thread about RansomOff. Happy? I'm not sure what you were trying to achieve.

 

That she previously didn't rate RansomFree, now she does.

 

I'm trying to say that it was a bit confusing, but now it's a lot more clear. But you know what the thing is, none of these tools offer 100% protection anyways. Later she mentions that RansomFree failed to protect against a variant of NotPetya.

 

I'm so glad you are happy. I thought Meghan spelled it out very well (as usual) in her post and there was no need for me to duplicate, assuming one bothered to click and read.

 

I think you mean AppCheck (in that post), but that is fixed now, see https://www.wilderssecurity.com/threads/appcheck-by-checkmal.391353/page-16#post-2715877 and subsequent posts.

 

The point is that some might not even have clicked on that link, because you wouldn't be the first to confuse RansomFree with RansomOff, that's why I made my comment. I hope you're happy with my explanation, geez.

No, it was about RansomFree. But I decided to go with AppCheck, it performs quite well without honeypots. Also, it's still not clear if RansomFree is capable of protection multiple drives, I don't believe CS has tested this.

 

This:

Pure honey without the hives, lol.

 

Rasheed- It's actually not really needed to test a secondary drive. What I normally do instead is monitor a directory on the C drive outside of Program Directory. If encryption occurs there it will occur also on secondary drives.

 

People that have an interest in security software I assume are quite bright. Others may not, evidently. Let's agree to disagree.

 

If you re-read the post: https://malwaretips.com/threads/ransomoff-first-look-at-new-user-interface.75873/page-2#post-684272,
actually it was AppCheck, not RansomFree: 'I question efficacy of AC due to the NP result'.
but that is fixed now: https://www.wilderssecurity.com/threads/appcheck-by-checkmal.391353/page-16#post-2716052 (and preceding).

 

Didn't know about that one. Isn't it possible to simulate a secondary drive on a virtual machine, just to be sure? I was also thinking, do you think it's possible to combine RansomFree and AppCheck, or will this cause problems? Perhaps you can test this. Almost forget to ask, would be cool if you tested Protected Folders on Win 10. I have this feeling it will fail against ransomware that's using process hollowing.

It's not about being smart, it's about being clear. But yes, let's agree to disagree.

I don't think it's a bad concept, but if others can protect the system without honeypot, I prefer to use them because it also costs disk-space.

 

Rasheed- It's quite easy to add a secondary drive to a VM, and I've done so on occasion. But I am glad you brought this up as it seems many have a misconception about secondary drives and how ransomware can effect them.

Consider this- let's say you have 3 drives (a primary and 2 secondaries) and you can't remember where you stored a certain Doc file. You can do a search for that particular file that will include all of the drives. If it is on your system the search will find it. Ransomware more or less will operate in the same way- it will search your system not for a particular file but instead for certain extensions; and once found it will encrypt them. So if you see ransomware trashing stuff that resides on the Desktop you can be assured that it will also encrypt things in other non-protected directories and on other non-protected drives.

The above is why I have an issue with applications that say they will protect your documents if found in the Users folder on C drive; Big Whoop! I have stuff spread over multiple drives that I also want protected. Will that mechanism also protect them? Not at all- optimum would be something that will detect and stop the malware immediately on run- and this will be independent of things like Cloud Definitions and specific Folder protections.

 

I guess I am one of the not so bright ones, but this discussion has lost me. I thought I was reading a thread about Ransomfree, but with all the confustion with the interactions about Ransomoff, AppCheck, etc. I am not getting much info about Ransomfree.

 

Lordy- this topic WAS about RansomFree, wasn't it? So John- it's not about you... it's about me (I love that line; used early and often...).

To clarify things, trust me that the applications RansomOff, AppCheck, and RanStop are the top of the line when it comes to stand alone anti-ransomware applications. AppCheck and Ranstop are Paid but with mature Backup modalities. RansomOff is Free and has utility beyond ransomware.

Regarding RansomFree- they have improved dramatically but preliminary work on the newest version questions whether it achieves the optimal protection afforded by the previously mentioned three.

 

Thank you for the info, cruelsister!

 

I think i'll answer in this thread

With the release of 2.3.0.0 they have added protection against "MBR-based" ransomware.
But i assume that this doesn't mean that it is protecting the MBR now?

 

I guess we'll have to see this weekend...

 

The thing is, I believe some member reported that early versions of RansomFree were able to successfully protect the system drive, but failed to protect the other drives. So apparently this IS possible. And what about my idea to combine RansomFree with AppCheck? Good idea or not?

 

Cybereason RansomFree v2.4.2.0 Released (Digital Timestamp of the installer: December 17, 2017)
no changelog available
Download