RansomFree by Cybereason

Discussion in 'other anti-malware software' started by Blackcat, Dec 19, 2016.

  1. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    522
    Location:
    Lunar module
    Very beautiful software! Instantly neutralized the threat from the Rabbit.
    11.png
     
  2. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    522
    Location:
    Lunar module
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Does it still use bait folders?
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Never mind, they do. No Thank you
     
  5. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    522
    Location:
    Lunar module
    Yes, CryptoPrevent creates folders with "HoneyPot" files on each partition of the hard drive.
     
  6. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,682
    Location:
    Mexico
    HoneyPots are useless if crypto-ransomware starts encrypting hmm... network shared folders?
     
  7. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    522
    Location:
    Lunar module
    HoneyPots are very useful, they are needed to make it easier to detect the beginning of the virus. Here is an example of triggering in the CryptoPrevent.
    cp.png
     
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    27,703
    But as long malware isn't touching honeypot files, malware won't be detected.
     
  9. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,431
    Location:
    Paris
    Aldist- actually Honeypots are not very useful. The theory is (and was once the case) that ransomware would attack the "low hanging fruit" first- this includes both Honeypot files as well as things that the User may create that resides in a directory on c: root. This would give an anti-ransomware application time to "see" what is happening and protect those things that they want to protect.

    The downside to this protection method is twofold:

    1). Essentially a Honeypot is indistinguishable from some directory that the User places on C: Root; also Fortress class ransomware will encrypt non-running exe and dll files in addition to personal files like doc's and jpg's. So when the Honeypot falls, so do these things (see my last video on Trend Micro for an example).

    2). Many ransomware types can be termed Fast Encryptors; this type of malware will encrypt everything simultaneously: HoneyPot files AND your Personal files will fall at the same time.

    ps- I really suggest that you do not rely on CP...
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.