RansomFree by Cybereason

Discussion in 'other anti-malware software' started by Blackcat, Dec 19, 2016.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    Very disappointing, this tells me that there are probably NO other behavioral monitors, it's only watching the honey pot files, before it decides ransomware is probably active. And I wonder if all partitions are now protected in the newest version. I really wonder why the developer hasn't managed to fix this. BTW, this product is also using the honey-pot method:

    https://www.watchpointdata.com/cryptostopper-tour

    Yes I agree, so no wonder EIS alerted about this.
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,412
    Location:
    U.S.A.
    Video of use of "bait" folders as they refer to the honeypots is on the web. Appears software is primarily server based although I believe they offer a workstation version. Viewing the video, they protect all directories from C:\ by default. They also allow and encourage users to create their own honeypot folders. Their software also includes installation of a user service that will auto shutdown the server whenever any ransomware activity is detected. Again, I believe their target market is enterprise.
     
  3. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    New release...

    Ransomware Simulator "RanSim" 1.0.2.4


    No release notes or changelog..
     
  4. SnowWalker

    SnowWalker Registered Member

    Joined:
    Apr 2, 2012
    Posts:
    283
    Location:
    USA
    My experience would indicate otherwise. I have used the beta version of Cartes du Ciel (SkyChart) for years. Never had an issue installing. With RansomFree installed, the installer seems to stop at documents and such telling me that the file being updated is in use by another program, or something like that, and then seems to proceed with no problem if I click "retry". I now pause RansomFree when updating CdC so that the installation isn't continually interrupted.
     
    Last edited: Jan 4, 2017
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,816
    Location:
    U.S.A. (South)
    Links?
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,326
    It was mentioned at Majorgeeks today, but it's an "old version" which was already released last week: #76
     
  7. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    774
    Location:
    U.S. Citizen
    Greeting& Salutations!

    Could you tell me the different between Cybereason RansomFree & Kaspersky Anti-Ransomware Tool for Business? For Example Cleaning/Disinfection/Rollback?


    Just seeing if individual are really looking into what is working and what is not working
    for stopping Ransomware
    ?

    http://www.ghacks.net/2016/03/30/anti-ransomware-overview/
    At the bottom of the page, Anti-Ransomware Software Comparison.

    And in your opinion what the is the best Anti-Ransomware for protection and stopping Ransomware?

    Kind regards,:)
     
    Last edited: Jan 4, 2017
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    OK, I see. But did you get an alert about or not? Because if not, I would consider this more as a conflict.
     
  9. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    774
    Location:
    U.S. Citizen
    Greeting & Salutations,

    Conflict!

    Easy way is to turn everything off security and install,
    Reboot your system
    then turn back on.

    Kind regards,
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,412
    Location:
    U.S.A.
    A great way to have malware, PUA, PUP, Adware, you name it installed on your PC.o_O
     
  11. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    774
    Location:
    U.S. Citizen
    Greeting &Salutation,

    Not if you do quick scan after installing with your security software that you have install.
    5 minutes of your time!!!:geek: Not a big deal.
     
  12. SnowWalker

    SnowWalker Registered Member

    Joined:
    Apr 2, 2012
    Posts:
    283
    Location:
    USA
    A conflict maybe, but if there weren't any other behavioral monitors, why would it be conflicting when another program is attempting to do something with documents and such, and why would there be an alert, if after checking long enough to disrupt the installation, it doesn't find anything suspicious?
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    Might be a bug, if it thinks there is something fishy going on, it should simply alert. But only the developer can give us more answers.
     
  14. SnowWalker

    SnowWalker Registered Member

    Joined:
    Apr 2, 2012
    Posts:
    283
    Location:
    USA
    As I asked before, if it checked to see if something fishy is going on, but didn't find anything fishy going on, why would it alert? I don't think I would find it too helpful if it just alerted me that something might be fishy, but didn't check.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    If it doesn't alert, it should also not interfere, I can't explain it any better. But anyway, what's way more interesting, is which other type of behavior it's monitoring. Too bad that the developer hasn't been active in this thread anymore, that's usually not a good sign, unless he's active on some other forum.
     
  16. SnowWalker

    SnowWalker Registered Member

    Joined:
    Apr 2, 2012
    Posts:
    283
    Location:
    USA
    Maybe I wasn't real clear about what seems to happen;
    The installer seems to pause momentarily, and pops up a message telling me that some file, I believe like a help document or something if I recall, is in use, and gives me the option to retry, and when I retry it proceeds. This leads me to believe that RansomFree checked the file to see if anything was suspicious just long enough to interrupt the installation, and as it didn't find anything suspicious it didn't take any other action.

    No, it's not ideal, but is an indication to me that RansomFree is doing more than honeypots as other have said even though the developers had said there are in fact other detection methods. I also don't know if any program that is truly effective can be entirely transparent. It may be something that can be improved, but I don't think it's an indication that it's almost worthless as some seem to want to make it out to be.

    Maybe the installer for the other program could be improved to not stall as easily on a momentary interruption also?
     
  17. SnowWalker

    SnowWalker Registered Member

    Joined:
    Apr 2, 2012
    Posts:
    283
    Location:
    USA
    As I'm sure others here are still testing it, and I haven't seen other "conflicts" with RF, I assume problems are pretty rare, and a pretty good sign for new security software, but I would be curious if others here have had any issues?

    While it would be ideal, I don't know of any security software that is 100% effective and 100% transparent with no system impacts. I hope the developers will continue to work on it, I have the idea they may know a little bit more about what they're doing than most of us seem to want to give them credit for. It would be nice if they have time to reply on the forum, but I haven't seen a whole lot of positive, helpful posts that would be useful to them.

    Anyone else having any issues with RansomFree?
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    OK, I now understand it a bit better.

    Same over here, I still think it's an interesting tool, including the honey-pot idea. But the fact that it didn't protect all partitions made some people skeptical, this shouldn't have been missed by such a company. Hopefully they will fix this.
     
  19. Yegor Efremov

    Yegor Efremov Registered Member

    Joined:
    Jan 9, 2017
    Posts:
    17
    Location:
    Michigan
    Hi guys. I checked out this company before trying this and felt disclosure here may help base opinion. It's mostly intelligence people staffed, also they've taken heavy funding from military and intelligence. Unit8200 is scarier version of NSA. I decided not to try it. :isay:

    About Cybereason:
    Cybereason was founded in Israel by former members of Israel Defense Forces' signals intelligence arm, Unit 8200

    Also some funding from: Lockheed Martin Corp, Softbank, Charles River Venture, Spark Capital
     
  20. SnowWalker

    SnowWalker Registered Member

    Joined:
    Apr 2, 2012
    Posts:
    283
    Location:
    USA
    Thanks,

    On the positive side: The Best Tech School On Earth Is Israeli Army Unit 8200 (Business Insider). So it appears they should be competent as to their technical skills.

    I would be more concerned if they tried to hide it, from their website:
    There is a certain amount of trust you have to put into any security vendor. There are organizations and countries I'm far more concerned about. I believe I'm more at risk from Rasomware than from Cybereason.

    But it is good to be informed when you place your trust in a company.
     
  21. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,657
    Location:
    DC Metro Area
    @UriCybereason :)

    For at least the past two days I have been getting a Pop-Up Warning to the effect of "Cybereason has encountered an error and has shut down. Restart your computer to re-enable protection." However, it happens on every restart. Have uninstalled.
     
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,063
    Location:
    Mexico
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,505
    Location:
    Slovenia
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,816
    Location:
    U.S.A. (South)
    First it can detect the ransomware malware when it arrives on a computer if it has a signature it recognizes

    Signature Based?
     
  25. Having the same thoughts, after such a warm welcome . . . :gack:
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.